Answer the question
In order to leave comments, you need to log in
A
A
Alex2015-04-10 06:51:16
Alex, 2015-04-10 06:51:16
Social authentication network what to do?
Good morning!
For training, I decided to write a class for authentication through social networks. networks.
I figured out oauth, api too.
There was a following question:
For example on a site there is a registered user with mail [email protected]
After some time, this user decides to log in using the social. networks, say vk.com.
O presses the button, we carry out all the actions and get data from vk.
{
id: 1,
first_name: "Name",
last_name: "Last",
email: "[email protected]"
}And then I had a question, how to logically correctly merge the account that is on the site with an account from the social. networks.
It is clear that we are adding vk.id to the database.
Now I am checking the user in the database by email, if there is one, then we let him go to the site. It seems to me not a very safe approach, maybe I'm winding myself up?
2 answer(s)
@mr_T
T
Timofey, 2015-04-10 @mr_T
There is an important point here: some social networks do not give access to soap (for example, VK). Yes, and there may be a situation when there are different soaps on the social network and on the site, but the user is the same. It is better to explicitly ask for an e-mail (or better, a password too) after authorization from the provider, but if the provider has provided an e-mail, then simply substitute it in the appropriate field in the form. If you are trying to use an existing soap, then give an error and suggest first logging in, and then linking an account in your personal account (like in Habré).
Well, in the database, store provider-UID pairs either directly in the user's field, or in a separate table.
Similar questions
E
C
G
N
V
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question