bbangert / velruse

Simplifying third-party authentication for web applications.
http://packages.python.org/velruse/index.html
MIT License

Email from facebook cannot be considered verified #69

Open madjar opened 12 years ago

madjar commented 12 years ago

As of now, velruse considers the email from Facebook verified if the `verified` boolean in the payload is true (https://github.com/bbangert/velruse/blob/8ea6a1904171ef8b95449c4ff74a0526f6205630/velruse/providers/facebook.py#L145).

According to the Facebook documentation, `verified` is true if the user verified his email OR his phone number OR gave a valid credit card.

Thus, the email given by the Facebook API can't be considered verified.

Source, and some security concerns associated with this: http://stackoverflow.com/questions/10651900/potential-security-issue-with-facebook-login.
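
The risk raised in the comment above, as an added example (not part of the original comment and not velruse's code): a relying party that links a provider login to an existing local account by email, first trusting the account-level flag and then requiring its own mailbox confirmation. `Accounts`, `emails_trusting_flag`, `emails_conservative` and the sample payload are hypothetical, and the flag semantics are the ones stated in the comment.

```python
# Added example; all names are hypothetical, not velruse's API.
import hashlib
import hmac
import secrets

def emails_trusting_flag(fb):
    """Behaviour described in the issue: the account-level flag marks the email verified."""
    email = fb.get("email")
    return [{"value": email, "verified": bool(fb.get("verified"))}] if email else []

def emails_conservative(fb):
    """Report the email, but never derive its status from the account-level flag."""
    email = fb.get("email")
    return [{"value": email, "verified": False}] if email else []

class Accounts:
    """Minimal in-memory relying-party store (hypothetical)."""
    def __init__(self, key=None):
        self.by_email = {}  # email -> local user id
        self.key = key or secrets.token_bytes(32)

    def _token(self, email, provider_uid):
        # Binds the confirmation to one provider identity and one mailbox.
        msg = f"{provider_uid}\n{email.lower()}".encode()
        return hmac.new(self.key, msg, hashlib.sha256).hexdigest()

    def login(self, provider_uid, emails):
        """Link to an existing account only for an email marked verified."""
        for e in emails:
            user = self.by_email.get(e["value"].lower())
            if user is None:
                continue
            if e["verified"]:
                return ("linked", user)
            # Existing account, unproven email: mail a confirmation token instead.
            return ("confirm", self._token(e["value"], provider_uid))
        return ("new", provider_uid)

    def confirm(self, provider_uid, email, token):
        """Finish linking once the mailbox owner returns the mailed token."""
        user = self.by_email.get(email.lower())
        if user and hmac.compare_digest(token, self._token(email, provider_uid)):
            return ("linked", user)
        return ("rejected", None)

# Constructed payload: the flag is set, but nothing says which check set it.
SAMPLE = {"id": "1000", "email": "alice@example.org", "verified": True}
```

The token here is stateless and has no expiry; a real deployment would add one and would send the token only to the mailbox in question.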

johanneswilm commented 11 years ago

Hey, have you guys actually tried this out? I have tried to add some email addresses to my Facebook account, and they don't show up in my account unless I have clicked on the verification link that Facebook sends me. This is how it has been for all the time I can remember. I also now tried to sign up for an account without verifying my email address. It is possible to sign up, but it is not possible to run any Facebook Applications until the email has been verified. It is not possible to add a phone number unless one has verified the email address. Maybe this was different in May, but that is the way it is now.

faizanaziz commented 11 years ago

Hey, so according to what @johanneswilm is saying, we don't need to bother. If there is an email, it has to be verified. Is there any way to be sure of this?