Social Network (Facebook, Twitter, etc) User Account Integration (duplicate scenario)

Backend · Unresolved · 2 · 548
粉色の甜心 2021-01-31 11:42

So there are definitely many tutorials out there regarding how to integrate various individual social network authentication/registration into existing user accounts. But the s

2 answers
  • 2021-01-31 12:23

    I have been contemplating adding FB auth to our app, but we know that our returning users might click it and complete checkout for a new item, and then be surprised to not see any of their existing orders. To solve this, when a user clicks the 'Login with Facebook' item, we are using that click to fire a dropdown menu with two options:

    mockup

    [ Login with Facebook ]
    [ Create new account ]
    [ I have an account ]

    If the user clicks 'I have an account' we send them to FB auth and return email from FB to our app. We compare that email to our existing users. If we match, we add the FB creds to the user. If no match, we throw an alert:

    The email you have with FB does not match any of our accounts. To log in to your existing account, login with your email below, or update the email in your Facebook account

    This allows the user to create a whole new account, if they want to keep them separate, without needing a new email service. While this is an edge case, it is a feature.

  • 2021-01-31 12:27

    Following up:

    If your users can't remember that they've signed up previously, well, best of luck to them in general ;)

    Much as you described, I'm planning on giving users the option to link additional accounts once they have signed in by one means or another.

    But as far as cross-checking goes, there's only so much you can do. Many social network APIs do indeed provide email addresses (once you've busted in through OAuth), but these may be accessible only if a user has elected to make his/her address public, which is not guaranteed.

    Also not guaranteed is that the user used the SAME email address for each social network account, so even if you manage to retrieve an address it may or may not be of any use to you.

    Finally, if you find matching email addresses via such means, it might be advisable to prompt the user to link accounts rather than assume he/she wants this done automatically. Some people like to maintain multiple personalities. I.e. "It looks like you are also signed up with Twitter - do you want to link your accounts? It will make your life seem worth living."

    You might consider offering incentives to link user accounts or to provide an email address (up to you, of course, to figure out what these might be, based on the functionality of your website).

    The solution I am working on, database-side, is to maintain multiple accounts and then, if link information is discovered by various means, indicate said link in a lookup table. An alternative is, once you find a link, to attempt to combine all relevant entries for the multiple accounts into one account entity. All I can say about this latter approach is that I would do so with caution, as there could be a formidable level of complexity depending on the user's activity level and the complexity of your database schema.

    In my (mental/actual) namespace, a user who registers the old-fashioned way has a 'standard' account and one who uses a social network has an 'alias' account. Then the goal becomes to define where the alias is supposed to point, i.e. create the lookup such that a subsequent login via either means retrieves the relevant information for both accounts (with a preference for displaying personal data from the 'standard' account).

    BTW, I figured out how to make Twitter OAuth behave since my last post; you can look at my other answers for details if you're interested.

    JB

    Hi Matt,

    I'm working on the same problem right now.

    Assuming the user starts with a regular site account (which is not necessarily safe to assume if he sees all the pretty "connect with XXX network" buttons!!!), you can use either OAuth or the JavaScript APIs (Facebook Connect or @anywhere; I haven't fully figured out the latter yet and I'm not sure I recommend it, as I don't think it provides as rich an API as the backend libraries do) to log in to the other sites.

    The APIs should return certain information after a successful login/redirect from the social network, such as the user ID and an ACCESS TOKEN, which you can then store in your database in some capacity, associating your 'actual' application user with the ID on the social network.

    When the user returns to the site, you can then:

    1. Verify the cookies set by the social network services (various schemes, typically verifying a signature based on a SHA1 or MD5 hash of your application data - by which I mean the data you get when you register your app with Twitter/Facebook, typically a consumer key, application ID, etc. - against the received cookies), so you know the user has logged in with the social network.

    2. Find your database entry association as described above.

    3. Log your user in manually, based on the assumption that the Facebook/Twitter connection is secure.

    Caveat: this is only as secure as your implementation (or as secure as Facebook/Twitter's implementations, if you prefer...).

    Although Twitter's OAuth does not currently seem to work quite right, their general description of the process is pretty informative: http://dev.twitter.com/pages/auth

    Good luck.

    J

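An added example, not code from either answer above, that puts the two approaches together in Python: the first answer's "compare the provider's email against existing users" check and the second answer's "standard account plus alias lookup table" model, with the rule both answers arrive at that a matching email should prompt the user to link rather than link automatically. The in-memory `Store`, the dataclasses, `APP_SECRET` and the HMAC-SHA256 check that stands in for verifying a provider's signed cookie are all assumptions for illustration; no real provider's signing scheme is implied.

```python
"""Account-linking model for social logins (added example, not from the thread).

Standard accounts are created on the site with an email; alias identities come
from a social provider and point at a standard account via a lookup table.
A social login never merges on an email match alone; it asks the user first.
"""
import hashlib
import hmac
from dataclasses import dataclass, field

# Hypothetical per-app secret (assumption). Real providers each have their
# own cookie/payload signing scheme; this HMAC is only a stand-in.
APP_SECRET = b"example-app-secret"


@dataclass
class Account:
    id: int
    email: str            # verified at signup in this model
    display_name: str


@dataclass
class Identity:
    provider: str         # e.g. "facebook", "twitter"
    provider_uid: str     # provider's stable user id
    account_id: int       # the standard account this alias points at


@dataclass
class Store:
    accounts: dict = field(default_factory=dict)    # id -> Account
    identities: dict = field(default_factory=dict)  # (provider, uid) -> Identity
    _next_id: int = 1

    def create_account(self, email, display_name):
        acct = Account(self._next_id, email.lower(), display_name)
        self.accounts[acct.id] = acct
        self._next_id += 1
        return acct

    def find_by_email(self, email):
        # Providers may not return an email at all; treat that as "no match".
        if not email:
            return None
        email = email.lower()
        return next((a for a in self.accounts.values() if a.email == email), None)

    def link(self, provider, provider_uid, account_id):
        ident = Identity(provider, provider_uid, account_id)
        self.identities[(provider, provider_uid)] = ident
        return ident


def sign_provider_payload(payload: bytes, secret: bytes = APP_SECRET) -> str:
    """Produce the signature the stand-in provider would attach (for the demo)."""
    return hmac.new(secret, payload, hashlib.sha256).hexdigest()


def verify_provider_payload(payload: bytes, signature_hex: str,
                            secret: bytes = APP_SECRET) -> bool:
    """Reject a provider callback whose signature fails; constant-time compare."""
    return hmac.compare_digest(sign_provider_payload(payload, secret), signature_hex)


def handle_social_login(store, provider, provider_uid, email=None):
    """Decide what to do after a *verified* social login.

    Returns (action, account):
      ("login", account)        an alias already points at an account
      ("prompt_link", account)  the provider email matches a standard account;
                                ask the user to link, do not merge silently
      ("no_match", None)        nothing matches or no email came back; the
                                caller may offer a new account or show an alert
    """
    ident = store.identities.get((provider, provider_uid))
    if ident is not None:
        return "login", store.accounts[ident.account_id]
    match = store.find_by_email(email)
    if match is not None:
        return "prompt_link", match
    return "no_match", None


def confirm_link(store, account, provider, provider_uid):
    """Only after the user authenticated to `account` on the site and said yes."""
    return store.link(provider, provider_uid, account.id)


if __name__ == "__main__":
    store = Store()
    alice = store.create_account("alice@example.com", "Alice")   # constructed sample
    print(handle_social_login(store, "facebook", "fb-1", "Alice@Example.com"))
    confirm_link(store, alice, "facebook", "fb-1")
    print(handle_social_login(store, "facebook", "fb-1", "other@example.com"))
```

Once an alias is linked, a later login through the same provider resolves to the standard account even if the provider now reports a different email, which is the second answer's point that the lookup, not the email, is the durable link.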