Polo Polo - 6 months ago 81
PHP Question

Get email with facebook SDK 4.0

This is the code I have. I'm trying to get the user email but I can't. Yesterday i've was getting the email correctly but i've deleted the file by mistake. What do I'm missing now?

In login_fb.php I'm calling the email like this:

echo $_SESSION['email'];

//added in v4.0.0
require_once 'autoload.php';
use Facebook\FacebookSession;
use Facebook\FacebookRedirectLoginHelper;
use Facebook\FacebookRequest;
use Facebook\FacebookResponse;
use Facebook\FacebookSDKException;
use Facebook\FacebookRequestException;
use Facebook\FacebookAuthorizationException;
use Facebook\GraphObject;
use Facebook\Entities\AccessToken;
use Facebook\HttpClients\FacebookCurlHttpClient;
use Facebook\HttpClients\FacebookHttpable;

//init app with app id and secret
FacebookSession::setDefaultApplication( '','' );
//login helper with redirect_uri
$helper = new FacebookRedirectLoginHelper('http://www.myurl/facebook/fbconfig.php' );

try {
$session = $helper->getSessionFromRedirect();
} catch( FacebookRequestException $ex ) {
//when facebook returns an error
} catch( Exception $ex ) {
//when validation fails or other local issues

if (isset($session)) {

$request = new FacebookRequest( $session, 'GET', '/me?locale=en_US&fields=name,first_name,last_name,email,gender' );
$loginUrl = $helper->getLoginUrl( array(
'scope' => 'email'

$response = $request->execute();

$graphObject = $response->getGraphObject();
$fbid = $graphObject->getProperty('id'); // Facebook ID
$full_name = $graphObject->getProperty('name'); // Facebook full name
$first_name = $graphObject->getProperty('first_name'); // Facebook first name
$last_name = $graphObject->getProperty('last_name'); // Facebook last name
$email = $graphObject->getProperty('email'); // Facebook email
$birthday = $graphObject->getProperty('birthday'); // Facebook birthday
$gender = $graphObject->getProperty('gender'); // Facebook gender

/* ---- session variables -----*/
$_SESSION['fbid'] = $fbid;
$_SESSION['full_name'] = $full_name;
$_SESSION['first_name'] = $first_name;
$_SESSION['last_name'] = $last_name;
$_SESSION['email'] = $email;
$_SESSION['birthday'] = $birthday;
$_SESSION['gender'] = $gender;

/* ---- header location after session ----*/
header("Location: ../login_fb.php");

} else {
$loginUrl = $helper->getLoginUrl();
header("Location: ".$loginUrl);


You are calling $helper->getLoginUrl twice. The first time you have email in the scope, but you are not doing anything with the function’s return value; and the second time you don’t ask for any permissions at all.

Remove the first call to that method completely. Calling it more than once will lead to problems with the random state value that gets stored into the session. And then add the permission to the scope in the remaining call, before you redirect to that URL.

FYI: Automatically redirecting users to the login dialog is considered bad practice and bad UX; while o.k. for testing purposes, in a real, user-facing app you should trigger login only when the user requests it.