5

We're building the website for our local Developer Community. We're trying to enable "Login with Stack Exchange" (we already got LinkedIn and GitHub), but I can't seem to find the User's email when querying:

https://api.stackexchange.com/2.2/me/

But it doesn't seem to have the Email address of the user:

We are passing both key and access_token of the authorized user (that we got from SE.authenticate()).

Is there any other end-point that we need to query?

1 Answer

4

The API does not provide any method to determine a user's email address and it is unlikely to do so in the future. This would be a risk to both the user's privacy and his/her trust in Stack Exchange. And, a pressing need for this information has yet to be demonstrated, regarding the API.

Note that Stack Exchange refuses to even provide the user's email hash via the API, even though this information was once available via the data explorer.
(Providing email would be much more egregious than providing the hash.)

Even a typical auth warning like: "This application asks for your email and will do unspeakable things with it." is not sufficient protection.
A naive/underage/frazzled/rushed user often won't realize the risk/ramifications when they see such a notice, before clicking "approve". But they will remember that "that sucky Overflow site gave away my email!" ;-)


If your app really needs the user's email, ask the user for it directly.

They then can decide if they want to divulge that information.
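If the app does ask the user directly, the address is self-reported, so it should be stored as unverified until the user proves control of it. The sketch below is an added example, not code from the answer or from Stack Exchange: the function names are hypothetical, the `/me` response is a constructed sample, and the confirmation-token step is an assumption about how the site would verify the address. It keys the local account on the `account_id` that `/me` returns instead of on an email.

```javascript
// Added example: hypothetical helper names; SAMPLE_ME is constructed data.
const crypto = require("node:crypto");

// Constructed sample of a parsed /2.2/me response (wrapper plus one user object).
const SAMPLE_ME = {
  items: [{ user_id: 1001, account_id: 2002, display_name: "example-user" }],
  has_more: false, quota_max: 10000, quota_remaining: 9990,
};

const sha256 = (s) => crypto.createHash("sha256").update(s).digest();

// Build the local identity from /me. The key is the provider's stable id,
// never an email, because the API returns none.
function identityFromMe(me) {
  const user = me && Array.isArray(me.items) ? me.items[0] : undefined;
  if (!user || !Number.isInteger(user.account_id)) {
    throw new Error("unexpected /me response: no user object");
  }
  return {
    subject: `stackexchange:${user.account_id}`,
    displayName: String(user.display_name || ""),
    email: null, emailVerified: false, pendingTokenHash: null,
  };
}

// Record an address the user typed in. It stays unverified; the returned
// one-time token is what the site would mail to that address.
function attachSelfReportedEmail(identity, email) {
  const value = String(email).trim().toLowerCase();
  if (value.length > 254 || !/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(value)) {
    throw new Error("invalid email address");
  }
  const token = crypto.randomBytes(32).toString("hex");
  identity.email = value;
  identity.emailVerified = false;
  identity.pendingTokenHash = sha256(token); // store only the hash
  return token;
}

// Mark the address verified only when the mailed token comes back.
function confirmEmail(identity, token) {
  if (!identity.pendingTokenHash || typeof token !== "string") return false;
  if (!crypto.timingSafeEqual(identity.pendingTokenHash, sha256(token))) return false;
  identity.emailVerified = true;
  identity.pendingTokenHash = null; // single use
  return true;
}
```

Until `emailVerified` is true, the address should not be used to merge this login with an existing LinkedIn or GitHub account on the site.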

6 Comments

Alright. I didn't see any documentation stating it, so I was hopeful. Maybe something like that should be added somewhere, just stating exactly the above.
What is the point of OAuth2 if I cannot get the user's email? I do not see any good thing from the OAuth2 feature on stackapps.com.
@pregmatch, The point is you CAN see several things that are normally private to the user; refer to the API docs for a list. (Technically, only your app should see these things. Personally looking for this info is usually a major breach of trust.) ... ... Since your app is supposed to help the user, why would you need to tell him his own email? If you need it for some other reason, ask the user directly.
"This would be a risk to [...] the user's privacy"? So would allowing an app to read a user's inbox. Or, say, perform writes on behalf of the user. Yet those scopes are available. An 'email' scope is pretty standard. This is part of what OAuth is for. No upvote from me based on the opinions expressed in answer, despite the information about the unavailability of email not being useful (no downvote, either).
Even Facebook, GitHub and LinkedIn all provide user email when asked with the adequate scope... Do you believe they break their user's trust by doing so, and you don't? This actually sounds a bit pedantic.