Facebook Social Connection Does Not Return User Email Address

Overview

This article explains why an empty email field is returned when a user authenticates via the Facebook connection.


End users who originally signed up for Facebook using a phone number and later added an email address through the Facebook Account Center experience an issue where Auth0 does not retrieve the email address. The Auth0 dashboard displays a blank email address for the user profile, even though the email attribute is enabled on the Facebook connection configuration.

Applies To

  • Auth0
  • Facebook social connection
  • Auth0 Actions
  • Facebook Graph API

Cause

The issue stems from how the Facebook Graph API handles user data. Requesting the email scope does not guarantee that an email is returned. For users who signed up with a phone number and later added an email via Account Center, one of the following situations prevents the email from being returned:

  • The email is unverified. Facebook does not return an email address through the API unless the confirmation link sent to the inbox is explicitly clicked.

  • The email is not the primary contact. The phone number is set as the primary contact, and adding an email to Account Center does not automatically make it the primary contact for the Facebook profile. The Graph API often only returns the primary contact method.

  • Stale app permissions exist. If the Auth0 application was authorized before the email address was added to Facebook, the original permission grant is cached. Subsequent logins do not automatically pull the new email unless the email scope is re-authorized.

Solution

Resolve the issue by implementing an Auth0 Action as a fallback.

Developer-Side Resolution

Use Auth0 Actions to intercept logins where the email is missing, so the user gets a clear outcome instead of a profile with a blank email. Two options are available:

  1. Create a Post-Login Action that checks for an email, denies the login if it is missing, and shows the user an error message.

exports.onExecutePostLogin = async (event, api) => {
  // Only act on Facebook logins; other connections are left untouched.
  // Deny when the profile carries no email so the user is told what to fix.
  if (event.connection.strategy === 'facebook' && !event.user.email) {
    api.access.deny(
      'We could not retrieve an email from your Facebook account. Please ensure your email is verified and set as primary in your Facebook settings, or sign up with a different method.'
    );
  }
};

  2. Progressive Profiling

Redirect the user to a custom form hosted on a server to request the email address.

  1. The Action detects the missing email.

  2. The Action uses api.redirect.sendUserTo(url) to send the user to the custom form.

  3. The user enters the email address into the form.

  4. The backend updates the Auth0 user profile via the Auth0 Management API.

  5. The user is redirected back to the /continue endpoint to finish logging in.
