Is automatic authorization on the site safe based on the email returned from social networks?
There is an internal user base (email, password). We are adding the possibility of authorization through a social network.
If the user has successfully logged in through the social network (pop-up window, successful receipt of access_token, successful receipt of email from the social network), then the user is automatically authorized with the email from the internal database.
How secure is this logic? Can't the social network somehow return a "foreign" email address? How bad (or maybe not?) is such an approach in principle?
This logic would help to automatically bind social networks to site user profiles without the need for additional manipulations.
If the email in the social network and on the site are different, then authorization will not pass until the social network account with the other email is forcibly linked to the current site profile.
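The login decision described in the question, next to a stricter variant, as an added example that is not part of the original post. The provider names, field names and the trusted-provider list are assumptions; `email_verified` mirrors the standard OpenID Connect claim, and whether a given network supplies it has to be checked per provider.

```python
from dataclasses import dataclass
from typing import Optional

# Assumption: providers whose "email verified" assertion the site decides to trust.
TRUSTED_EMAIL_PROVIDERS = {"provider_a"}

@dataclass
class SocialProfile:
    provider: str           # constructed name, e.g. "provider_a"
    subject: str            # stable account id at the provider
    email: Optional[str]
    email_verified: bool    # provider's claim that it confirmed the address

@dataclass
class LocalUser:
    user_id: int
    email: str
    email_confirmed: bool   # the site itself confirmed this address

def naive_login(profile, users_by_email):
    """Flow from the question: any returned email that matches logs the user in."""
    user = users_by_email.get((profile.email or "").lower())
    return ("login", user.user_id) if user else ("no_match", None)

def hardened_login(profile, users_by_email, links):
    """links maps (provider, subject) -> user_id for identities already bound."""
    key = (profile.provider, profile.subject)
    if key in links:                         # bound earlier: email plays no role
        return ("login", links[key])
    user = users_by_email.get((profile.email or "").lower())
    if user is None:
        return ("no_match", None)
    if (profile.provider in TRUSTED_EMAIL_PROVIDERS
            and profile.email_verified and user.email_confirmed):
        links[key] = user.user_id            # bind to the provider id, not the email
        return ("login", user.user_id)
    # Address not verified on one side: require the site password before linking.
    return ("confirm_with_password", user.user_id)

# Constructed sample data.
USERS = {"alice@example.com": LocalUser(1, "alice@example.com", True)}
```

After the first successful link the account is recognised by the provider's subject id, so a later change of email at the social network neither breaks the login nor moves it to another profile.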