Wednesday 24 April 2019

Can you trust emails from Google and Facebook OAuth?

I am building OAuth into my Express app. When a user authenticates with Facebook or Google and I use that token to call either

    fb.api('me', { fields: ['id', 'first_name', 'last_name', 'email', 'cover'], access_token: accessToken })

or

    plus.people.get({ userId: 'me', auth: self._client })

can I safely assume that the email Facebook or Google hands back to me is verified? I have read conflicting answers on this online. Some Stack Overflow answers say "Yes, Facebook only provides verified emails" and I have other people saying "don't trust anything".

Normally it is not a big deal, but I can't create a user account until I know the email is verified. Being able to somewhat trust Google/FB to have done that cuts down on the sign-up friction a ton.

What are your thoughts?

Submitted April 24, 2019 at 07:14PM by billymeetssloth
