| # |
Nov 29th 2017, 18:09 |
 ajibarra |
You could take a look here: https://github.com/CakeDC/users/blob/master/src/Auth/SocialAuthenticate.php to see how we managed that in Users Plugin, and also take a look here https://github.com/CakeDC/users/tree/master/src/Auth/Social/Mapper to see how to map data coming from fb,twitter,etc. |
| # |
Nov 29th 2017, 18:06 |
prepender |
interesting |
| # |
Nov 29th 2017, 18:03 |
ajibarra |
mainly because you are not verifying the emails...I can register somebody emails, and he could try to login with fb, both accounts would be merged and I would have his fb info |
| # |
Nov 29th 2017, 18:02 |
hmic |
if the user chooses different login options, you need to verify the second one too, if facebook is not linked already, the same as if you intentionally link |
| # |
Nov 29th 2017, 18:02 |
hmic |
sure |
| # |
Nov 29th 2017, 18:02 |
ajibarra |
If somebody already have an account in your site and he tries to login with fb, you should ask for the user password in your site to actually merge the accounts |
| # |
Nov 29th 2017, 18:01 |
hmic |
basically tell them the facebook email is differnet from their accounts - choose: dont link facebook, or update accounts email |
| # |
Nov 29th 2017, 18:01 |
prepender |
unless i lock account to fb only if they deny the merge |
| # |
Nov 29th 2017, 18:01 |
hmic |
no |
| # |
Nov 29th 2017, 18:01 |
prepender |
hmm |
| # |
Nov 29th 2017, 18:00 |
prepender |
there email is stil same as other account |
| # |
Nov 29th 2017, 18:00 |
prepender |
but then when they go to set there password |
| # |
Nov 29th 2017, 18:00 |
prepender |
so baically a prompt like hey you already have an account with that email would you like to merge |
| # |
Nov 29th 2017, 18:00 |
hmic |
*fg* |
| # |
Nov 29th 2017, 18:00 |
prepender |
hmm idk why I didnt think of the let them choose |
| # |
Nov 29th 2017, 17:59 |
hmic |
you can let them choose what to do even... |
| # |
Nov 29th 2017, 17:59 |
hmic |
can either not link facebook with different email or update your data with the returned email |
| # |
Nov 29th 2017, 17:58 |
prepender |
register w facebook after they hae an existing account and there email is unverified on the site |
| # |
Nov 29th 2017, 17:58 |
prepender |
yeaa thats not an option for me as much as I love fb lol |
| # |
Nov 29th 2017, 17:57 |
prepender |
buwhat if they register w facebook after they already have an unverified account |
| # |
Nov 29th 2017, 17:57 |
hmic |
allowing login via facebook only is the other option :p |
| # |
Nov 29th 2017, 17:57 |
hmic |
yes |
| # |
Nov 29th 2017, 17:57 |
hmic |
if the registered but unverified email does not match the facebook one, thats an error and you do not link the accounts but show an error |
| # |
Nov 29th 2017, 17:57 |
prepender |
hmm so if they register w facebook first I can prompty them to set a password then and there |
| # |
Nov 29th 2017, 17:56 |
hmic |
if you dont require email on your site, but a username, you can link them up afterwards |
| # |
Nov 29th 2017, 17:56 |
hmic |
thats what you do, yes. |
| # |
Nov 29th 2017, 17:55 |
prepender |
well FB recommends merging the 2 accounts if the same email |
| # |
Nov 29th 2017, 17:54 |
hmic |
if you link to a facebook account, you get their account info back for you to use |
| # |
Nov 29th 2017, 17:54 |
hmic |
that is what it is. |
| # |
Nov 29th 2017, 17:54 |
hmic |
if you allow everybody to make an account for any email without verification |
| # |
Nov 29th 2017, 17:54 |
hmic |
whats your question? |
| # |
Nov 29th 2017, 17:53 |
prepender |
I should give them access to data from an account w a verified user? |
| # |
Nov 29th 2017, 17:53 |
prepender |
doesnt mean they are the user |
| # |
Nov 29th 2017, 17:53 |
prepender |
so anyone can make an account on an email |
| # |
Nov 29th 2017, 17:53 |
hmic |
so what? |
| # |
Nov 29th 2017, 17:51 |
prepender |
my website doesnt require verification |
| # |
Nov 29th 2017, 17:51 |
prepender |
well I mean |
| # |
Nov 29th 2017, 17:51 |
hmic |
you get the email address back from facebook? - that seems confirmed to me :p |
| # |
Nov 29th 2017, 17:48 |
prepender |
Question. So in regard to the login flow, FB recommends merging app registered user with fb registered user. But what if users have unconfirmed email addresses on the website? I'm trying to come up with a solid flow here that is most convenient for the user. |
| # |
Nov 29th 2017, 17:40 |
inoas |
it should be a 1min job |
| # |
Nov 29th 2017, 17:40 |
inoas |
Martin`: can you take a look? |