There are plenty of threads out there discussing "how can a user remove permission for an app". I would like to know the opposite: How can I remove a user who is connected to my app using facebook single signon? The user pressed the facebook login-button and user logged in to my website by facebook login. Now i need to get list of users who are connected using fb login and need to delete those users.
Thanks in advance.
Related
I use djoser, social_django, rest_framework_social_oauth2 for registration and authorization of users in django by github.
For create a new user (if it doesn't exist) or log in use /convert-token.
But the site needs functionality to link a social account (if the user is logged in with username / password). How can I do it?
I tried to redefine pipline, but it didn't work. Now after the request(/convert_token), a new user is being created, and i dont know how to link a social account to a specific user manually.
Write if you need to attach a code or something else. Also, if there are other modules that implement this functionality, please write
I'm working on my first MERN fullstack project (an e-commerce demo). I have almost finished the authentication part, but I am having doubts about how to manage the users who have the same registration email both through custom sign-in and google login on the MongoDB database.
While doing various researches, I noticed that one of the methods used is the following:
1- If the email of the user who logs in via google login is already saved in the database as the same user had already registered via traditional sign-up, a new user will not be created in the database, but with both methods of signing -in we will point to the same user already saved with that email.
2- If there are no users saved in the database with that email (as the user logged in for the first time with google login and did not first register traditionally), once the user logged in with google login, it will be saved to the database for the first time.
However, this method presents problems with regard to the second type of users mentioned above.
In fact, if we merge the accounts with the same email on the database, if the user logs in for the first time with google, no password will be saved on the database. Therefore, if the same user decides in the future to log in in the traditional way, he will not be able to do so because he will not be able to fill in the password field.
How to solve this problem?
Usually sites with the "first Google login immediately creates an account" have 2 solutions to this problem:
As part of the "immediately create an account", they directly ask the user to choose a password.
Alternatively, their "Change password" section allows creating a password should there be none yet. Therefore the account is indeed passworld-less at the beginning, but the user can opt to add a password.
For the 2nd solution, there's the small problem that if the user loses access to their Google account and didn't set a password, they're locked out. Rare case which might not be worth looking out for. And perhaps your Customer Service can still help them out.
This is the my web-app "User Settings" page.
I have simplified it to a minimum to better highlight the problem.
To authenticate users I use Auth0, I wanted to use the sub claim user_id to identify the users inside my MySQL database for update and retrieve user's info. Unfortunately the user_id is different for each provider, for example, if the same user with the same e-mail logs-in via Auth0 he gets a user_id if he does it via google he gets another one.
I thought about using email to link logged user to his info.
The problem is in my API. Before the change it was "localhost: 8080 / api / users /: id"
each time it created a new id and in any case it was impossible to recover the data of the single user. Now that I have replaced "id" with "email" my API has also changed in "localhost: 8080 / api / users /: johnsmith#xxx.com".
Before:
After:
In a few words, the request url on the client side has also changed.
I would like to make sure that the GET and PUT requests are made based on the e-mail of the logged user without going to modify the whole back-end.
Sounds like something is wrong with how you authenticate users. If you have multiple ways to authenticate a user, those methods need to be in a one to many relation with the user. For example each user has a list of auth-methods, and whenever an authentication is made you check your table of authentication methods and find the one user it maps to.
Im not sure if you are doing this yourself or if the framework you are using is handling that, but it sounds like you need to change the model to allow many Auth methods for a single account.
Also you could use email, but that is also an "old" way of uniquely identifying users almost every single person has multiple active email accounts nowadays, so you should also have a one-to-many relation for users to emails. What if the user has different email accounts for their Facebook and Google accounts?
See account linking here: https://auth0.com/docs/users/user-account-linking
It is dangerous to trust that the external providers are truthful about what email belongs to who. What if I open a new account using someone else's email on one of the providers? Then I can log into that users account in your application, which is a pretty big security risk.
For starters, I am on Ubuntu 14.04.
When I try to connect my username to the server and it asks for logging in with social network, I am unable to do so.
For "Login With Facebook", the page ends up going to facebook and a pop up displays saying:
App Not Setup: This app is still in development mode, and you don't
have access to it. Switch to a registered test user or ask an app
admin for permissions.
So, I guessed the facebook app wasn't set up properly and created a new user using Twitter. But logging in with Twitter fails as well. The OAuth goes through but when coming back to the app it says:
We were not able to match your social media account with this
username. Ensure your username is correct or the social media login
method is correct. Please close the browser and try again.
The link for "Or visit the Code Rally community for more details!" doesn't work either and I can't comment on any of the blog posts.
I am running out of social network logins so please advise what to do. Also, one thing to note is when I signup, I signup with a different email than the social network one, would that have anything to do with it?
which server are you trying to login on? (NA/EU/BR/IN/CN etc).
I'll go check the Facebook setup now to make sure I've not missed something, however it will help me narrow down the issue if I know which server is having issues.
The reason you can't login with Twitter on your ID is that it will already be associated with your Facebook ID which you registered with on InfoQ's contest site. To use Twitter you'll need to re-register a new ID on InfoQ's site and link it to your Twitter account (although I'd prefer to fix whatever is messing with the Facebook login).
edit
Looks like there was an issue in our Facebook OAuth config - it should be fixed now :-)
I was playing with the loginWithExternalService methods under Accounts and I was sad to find that while you could create new users with one of these services or log in those who already had credentials, there was no way of allowing currently logged in users to augment their methods of authentication so that they could log in with any of the services they have authenticated through. Is there a way of dumping information like a user's FB profile or a user's Twitter url into their existing, currently logged in account? I tried customizing accounts-base but this.userId returns null within it so I cannot do updates to the currently logged in user there.
There should probably be a better API for this, but at the moment (Meteor 0.5.2) the following server code will create a user associated with an Facebook ID.
var newlyCreatedUserId = Accounts.updateOrCreateUserFromExternalService(
'facebook',
{id: FACEBOOK_ID},
{additionalFieldOnUserDocumented: 'foo'}).id
If you dig into the implementation of Accounts.updateOrCreateUserFromExternalService you can see how to add these fields to an existing user.