Mobile development
dimonkoz, 2016-04-08 16:43:55

How to implement user authentication on your own server from a mobile application using social network login?

Please advise.
I want to implement login through popular social networks from a mobile application. There is already a working server for registration and authentication by (mail/tel) and password. After that, interaction with the server happens by exchanging a token. How do I authenticate a user on my own server and create their own profile? Here's what I'm specifically interested in:
1) Let's say the social network provides a unique field (mail, phone, id). Do you have to force me to come up with a password? Or is there a way to use the access token, even though it is not eternal?
2) Suppose the application has the ability to use 2 social networks. How to safely make the server recognize the user as one person if at some point he logged out of one account and then decided to log in under the account of another social network?
We need a new solution. I will be glad to hear each respondent's vision of solving the problem!


3 answer(s)
xmoonlight, 2016-04-08
@dimonkoz

We determine the UUID, look for this UUID in the database.
If this UUID is absent: we bind it to the first E-MAIL (manually: login + password or OAUTH) and send it to the server, then we ask the user to enter the desired LOGIN in the system.
Bind the UUID to the LOGIN.
The result is a chain: LOGIN -> UUID -> E-MAIL
When logging in from another social network: by UUID, also put the new e-mail on the server.
When logging in with an e-mail address: determine the UUID based on the available mail (children), and then branch:
1. ONE method: authorization through it.
2. MULTIPLE (several social networks OAUTH, password): we display a list of possible methods (NOT E-MAILS!)
In general, the resulting structure for one account:

LOGIN->[UUID-1]->[E-MAIL-1]
.............................
LOGIN->[UUID-1]->[E-MAIL-N]
.............................
LOGIN->[UUID-N]->[E-MAIL-N]

The structure will allow you to log in from several devices (including new ones), as well as with several authorization methods for all these devices (regardless of the OS and platform).

Oleg Gamega, 2016-04-08
@gadfi

2) Suppose the application has the ability to use 2 social networks. How to safely force the server to recognize the user as one person, if at some point he logged out of one account, and then decided to log in under the account of another social network?

This is usually done using email: if the email matches, then this is one user.
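
An added example, not part of any answer above and not code from this site: one way to attach several social logins to a single profile, combining the identity-to-account mapping and the e-mail matching described in the answers. It assumes the server has already validated the provider's token itself and extracted the claims; AccountStore, login_with_social and the field names are hypothetical, and the dictionaries stand in for database tables.

```python
import secrets
import uuid


class AccountStore:
    """In-memory stand-in for the server's user tables (hypothetical)."""

    def __init__(self):
        self.identities = {}  # (provider, subject_id) -> local user id
        self.emails = {}      # provider-verified e-mail -> local user id
        self.sessions = {}    # server-issued token -> local user id

    def login_with_social(self, provider, subject_id, email, email_verified):
        """Map provider claims (validated server-side beforehand) to a local user.

        Returns (user_id, session_token).
        """
        key = (provider, subject_id)
        user_id = self.identities.get(key)
        if user_id is None:
            email = email.strip().lower() if email else None
            # Merge into an existing profile only when the provider vouches
            # for the address; an unverified e-mail must never join accounts.
            if email and email_verified and email in self.emails:
                user_id = self.emails[email]
            else:
                user_id = str(uuid.uuid4())
            # The stable key is (provider, subject id), not the e-mail,
            # so a later e-mail change at the provider does not split the user.
            self.identities[key] = user_id
            if email and email_verified:
                self.emails.setdefault(email, user_id)
        # No password is required: the server issues its own token, so the
        # limited lifetime of the provider's access token does not matter.
        token = secrets.token_urlsafe(32)
        self.sessions[token] = user_id
        return user_id, token
```
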

Dim, 2016-04-09
@Dek4nice

https://oauth.io/
