25

Apparently you can do this with the Facebook provider by adding scopes to the FacebookAuthenticationOptions object in Startup.Auth.cs:

http://blogs.msdn.com/b/webdev/archive/2013/10/16/get-more-information-from-social-providers-used-in-the-vs-2013-project-templates.aspx

List<string> scope = new List<string>() { "email" };
var x = new FacebookAuthenticationOptions();
x.Scope.Add("email");
...
app.UseFacebookAuthentication(x);

How to do the same with Google provider? There isn't a x.Scope property for the GoogleAuthenticationOptions class/object!

Zain Rizvi
  • 23,586
  • 22
  • 91
  • 133
PussInBoots
  • 11,028
  • 9
  • 52
  • 84
  • best solution for this [Facebook Graph API with access token only](http://stackoverflow.com/questions/31714500/access-email-address-in-the-oauth-externallogincallback-from-facebook-v2-4-api-i?lq=1) – Ravi Anand Feb 26 '17 at 22:26

3 Answers3

47

PLEASE SEE UPDATES AT THE BOTTOM OF THIS POST!

The following works for me for Facebook:

StartupAuth.cs:

var facebookAuthenticationOptions = new FacebookAuthenticationOptions()
{
    AppId = "x",
    AppSecret = "y"
};
facebookAuthenticationOptions.Scope.Add("email");
app.UseFacebookAuthentication(facebookAuthenticationOptions);

ExternalLoginCallback method:

var externalIdentity = HttpContext.GetOwinContext().Authentication.GetExternalIdentityAsync(DefaultAuthenticationTypes.ExternalCookie);
var emailClaim = externalIdentity.Result.Claims.FirstOrDefault(c => c.Type == ClaimTypes.Email);
var email = emailClaim.Value;

And for Google:

StartupAuth.cs

app.UseGoogleAuthentication();

ExternalLoginCallback method (same as for facebook):

var externalIdentity = HttpContext.GetOwinContext().Authentication.GetExternalIdentityAsync(DefaultAuthenticationTypes.ExternalCookie);
var emailClaim = externalIdentity.Result.Claims.FirstOrDefault(c => c.Type == ClaimTypes.Email);
var email = emailClaim.Value;

If I set a breakpoint here:

var email = emailClaim.Value;

I see the email address for both Facebook and Google in the debugger.

Update 1: The old answer had me confused so I updated it with the code I have in my own project that I just debugged and I know works.

Update 2: With the new ASP.NET Identity 2.0 RTM version you no longer need any of the code in this post. The proper way to get the email is by simply doing the following:

  1. Startup.Auth.cs

        app.UseFacebookAuthentication(
       appId: "x",
       appSecret: "y");

    app.UseGoogleAuthentication();

  2. AccountController.cs

    //
// GET: /Account/ExternalLoginCallback
[AllowAnonymous]
public async Task<ActionResult> ExternalLoginCallback(string returnUrl)
{
    var loginInfo = await AuthenticationManager.GetExternalLoginInfoAsync();
    if (loginInfo == null)
    {
        return RedirectToAction("Login");
    }

    // Sign in the user with this external login provider if the user already has a login
    var result = await SignInHelper.ExternalSignIn(loginInfo, isPersistent: false);
    switch (result)
    {
        case SignInStatus.Success:
            return RedirectToLocal(returnUrl);
        case SignInStatus.LockedOut:
            return View("Lockout");
        case SignInStatus.RequiresTwoFactorAuthentication:
            return RedirectToAction("SendCode", new { ReturnUrl = returnUrl });
        case SignInStatus.Failure:
        default:
            // If the user does not have an account, then prompt the user to create an account
            ViewBag.ReturnUrl = returnUrl;
            ViewBag.LoginProvider = loginInfo.Login.LoginProvider;
            return View("ExternalLoginConfirmation", new ExternalLoginConfirmationViewModel { Email = loginInfo.Email });
    }
}
PussInBoots
  • 11,028
  • 9
  • 52
  • 84
  • 2
    So could we register the user with that email address instead of asking them to provide a username? – The Muffin Man Feb 09 '14 at 00:18
  • 2
    Yes, you can do that. I,ve done that in my own webapp. Works fine. – PussInBoots Feb 11 '14 at 08:57
  • @TheMuffinMan be aware of the providers you choose to trust. We can bet (and verify) that companies like Facebook and Google have already verified the email address in their claims, but other providers (think random OpenID provider) may or may not. – Jeremy Cook Feb 18 '14 at 01:25
  • 4
    Regarding Update 2 - I still had to use the Scope.Add("email") code to get the users email address. By default, I think you only get *public* profile information. – Dunc Jun 05 '14 at 09:51
  • What about vary the scope *during runtime* and not defining them at startup? – simbolo Jul 13 '14 at 20:14
  • just to point out: "loginInfo" doesn't have the "Email" property in previous versions of Microsot.AspNet.Identity.Owin. You have to update it. – Marco Alves Jul 22 '14 at 03:08
  • 4
    I have an Email property, but it's still null. – a.farkas2508 Sep 29 '14 at 11:21
  • @a.farkas2508 did you try with a clean default MVC 5 app? – PussInBoots Sep 30 '14 at 08:39
  • @PussInBoots Yes, I see an email in facebook & google login, but not in twitter. Is there some security policy, that twitter won't let me see it? – a.farkas2508 Sep 30 '14 at 15:18
  • I'm using Microsoft ASP.NET and Web Tools 2015 (Beta8) and I get a null value for a user – Brian Oct 22 '15 at 02:01
  • Things might have changed in asp.net 5. The answer in this post is for 4.5. – PussInBoots Oct 22 '15 at 19:57
  • 5
    I've tried this solution with Microsoft.AspNet.Identity.Core.2.2.1 and FB auth and email is always null.. is it still a right approach? – alexxjk Mar 12 '16 at 15:04
  • @alexxjk I ran into the same issue. Check out my answer below for the fix or visit my blog post at http://zainrizvi.io/2016/03/24/create-site-with-facebook-login-using-asp.net-core/#getting-the-email-address-from-facebook – Zain Rizvi Apr 01 '16 at 02:04
  • check this. http://stackoverflow.com/questions/32059384/why-new-fb-api-2-4-returns-null-email-on-mvc-5-with-identity-and-oauth-2/32636149#32636149 – Levent KAYA Jul 13 '16 at 20:56
6

You need to explicitly configure the FacebookAuthenticationOptions to get the email address from the authenticated user.

In your MVC5 project, add these lines in the Startup.Auth.cs

        var options = new FacebookAuthenticationOptions() {
            AppId = "xxxxxxxx",
            AppSecret = "xxxxxxxxx"
        };
        options.Scope.Add("email");
        app.UseFacebookAuthentication(options);

Update Reduced my sample code to the absolute minimum. Your updated code works fine by the way, I have also tried it with both Facebook and Google.

pedrusky
  • 246
  • 2
  • 4
4

In ASP.NET Core Facebook authentication the Facebook middleware seems to no longer pass in the email, even if you add it to the scope. You can work around it by using Facebook's Graph Api to request the email.

You can use any Facebook Graph Api client or roll your own, and use it to invoke the Graph api as follows:

app.UseFacebookAuthentication(options =>
{
    options.AppId = Configuration["Authentication:Facebook:AppId"];
    options.AppSecret = Configuration["Authentication:Facebook:AppSecret"];

    options.Scope.Add("public_profile");
    options.Scope.Add("email");

    options.Events = new OAuthEvents
    {
        OnCreatingTicket = context => {
            // Use the Facebook Graph Api to get the user's email address
            // and add it to the email claim

            var client = new FacebookClient(context.AccessToken);
            dynamic info = client.Get("me", new { fields = "name,id,email" });

            context.Identity.AddClaim(new Claim(ClaimTypes.Email, info.email));
            return Task.FromResult(0);
        }
    };
});

You can find a more detailed example about how to use it here: http://zainrizvi.io/2016/03/24/create-site-with-facebook-login-using-asp.net-core/#getting-the-email-address-from-facebook

Zain Rizvi
  • 23,586
  • 22
  • 91
  • 133
  • This also seems to apply to non core MVC 5 projects (Nov 2017) - a null loginInfo object always seems to come back. – niico Nov 12 '17 at 16:39