Facebook OAuth2 does not provide user email

Question

This has been asked many times but it seems like there's no known work-around for it so I'm posting this question in the hope that someone does have a work-around for it.

I'm using NodeJS, PassportJS-Facebook.

app.get("/auth/facebook",
            passport.authenticate("facebook", {
                scope : [ "email" ]
            }),
            function (req, res) {
            });

At first I thought it's a PassportJS issue but I certainly eliminated this option.
The Facebook user account I'm using clearly states:

This app needs: 
Your basic info
Your email address (xyz@example.com)

Some links to this known issue (yet unsolved!): https://developers.facebook.com/bugs/298946933534016 https://developers.facebook.com/bugs/429653750464521 https://developers.facebook.com/bugs/482815835078469

So, do you use Facebook's OAuth service? If so, do you get the user's email? How? The "straight" way? A work-around?

Answer 1

The Facebook strategy in passportjs, expects a profileFields field in the options. Try passing "email" in the options.

strategyOptions.profileFields = ['emails', 'first_name', 'last_name'];

Alternatively, you can override the profileUrl in the options and send:

strategyOptions.profileURL = 'https://graph.facebook.com/me?fields=location,first_name,last_name,middle_name,name,link,username,work,education,gender,timezone,locale,verified,picture,about,address,age_range,bio,birthday,cover,currency,devices,email,favorite_athletes,id,hometown,favorite_teams,inspirational_people,install_type,installed,interested_in,languages,meeting_for,name_format,political,quotes,relationship_status,religion,significant_other,sports,updated_time,website';

Facebook will ignore fields that you don't have a permission to (like email).

This should go here:

passport.use(new FacebookStrategy({
    clientID: FACEBOOK_APP_ID,
    clientSecret: FACEBOOK_APP_SECRET,
    callbackURL: "http://localhost:3000/auth/facebook/callback",
    profileUrl: "  ..... ",
    //or
    profileFields: [ ... ];
  },
  function(accessToken, refreshToken, profile, done) {
    // asynchronous verification, for effect...
    process.nextTick(function () {

      // To keep the example simple, the user's Facebook profile is returned to
      // represent the logged-in user.  In a typical application, you would want
      // to associate the Facebook account with a user record in your database,
      // and return that user instead.
      return done(null, profile);
    });
  }
));

```

Answer 2

You must provide field 'scope' in settings object:

new FacebookStrategy({
    clientID: FACEBOOK_APP_ID,
    clientSecret: FACEBOOK_APP_SECRET,
    callbackURL: "http://localhost:3000/auth/facebook/callback",
    profileUrl: "  ..... ",
    scope: "email",
    //or
    profileFields: [ ... ];
  }

try to look sources.