We found something strange in the authentication process, we think that during the authentication, we get the wrong email address for users in some cases.
I think that happen if a user changes its email address in Asana.
In the response, we receive the email address of the user.
In our app (bridge24.com), we keep it and update the local customer information.
But, some users contacted us, asking why we use an old email address they they no longer use in Asana.
After some analysis, we found that:
When we query
GET /users/me/
for these users, the email received is not the same. It’s the good one.
It looks like the oauth_token endpoint is not returning the actual email address, but the original address that was used when the user creates its Asana account initially.
In case you are interested in what Asana support told me when I contacted support about it.
It’s normal, because we can add more than one email in our account. (???)
Ok, and??
Nothing about, why do I get a different email between “token” and “user”.
So, we will keep the fix we added, after getting the token, we do not use that email as reference, but we do another GET to /user/me, and we use that email instead.
Is that the right understanding? If so, how long ago do you think the email change was from the OAuth step? My guess is that the time between the user updating their email in Asana to performing OAuth is not enough time for our writes to propagate and hence why we return the old email address. If the old email is still being shown in the OAuth response even after a few hours or days this might be a bug.
You are right, we think that we should receive the same email when we call “…/oauth_token” than when we call /users/me.
And, the good one is from /users/me.
I don’t know when it started, we recently changed our authentication method in B24, to only use asana oauth, instead of having an independent username/pwd for bridge24.
From that change, we decided to use asana email to update the contact info of our user.
That’s why some users contacted us about issues when we try to link their b24 account with asana account.
For them, they told us that the wrong email we use was changed several months or years ago in Asana!
So, I don’t think it’s a propagation issue !!
I don’t know the exact reason why we get that situation, and steps to reproduce. I don’t know if it always occurs if someone change its email.
But, for now, we’re ok with the workaround we added.
Thank you for confirming. I’ll bring this up to our API team’s attention. I can’t guarantee that there will be an immediate fix if this was determined to be a bug, but I am glad that you were able to find a workaround with /users/me.