I have followed this tutorial: http://azure.microsoft.com/en-us/documentation/articles/mobile-services-dotnet-backend-get-started-custom-authentication/ in order for me to get a user to register with his email. I have also allowed users to login with their facebook account. The people who registers through email gets put into a table which looks like:
The problem is that if I create another table which is called "Post", how will i be able to store the userId of a person authenticated through facebook? Will I have to add them to the Account table as well if they are not found when logging in through facebook? If so, how will my table be structured to account for that?
Related
I am working on an ecommerce app. This app will have login/signup with phone no. only.
My partner does not want to create user without mobile verification. To avoid duplicate data in the database if a user doesn't proceed with OTP verification.
My aproach is to create user table and user otp table.
users:
id
name,
phone,
email
user_resources:
id,
user_id(foreign key),
otp
so as you can see otp cannot be create without a user_id.
The other idea is to create everything seprate like below. I think this design is more prone to false database. It will be defficult to create database reports.
users:
id
name,
# only two columns in users table
user_resources:
id,
user_id(users table),
otp
verify_phone:
user_id(foreign key users)
phone
is_phone_verified
verify_email:
user_id(foreign key users)
email
is_email_verified
Is the second approach good?
I have one Node.js app and database is MSSQL. I have implement the basic functionality like register, login and others like adding users. The authentication of the api is using JWT, so when a user login, he will receive a token saved on the cookie, just like normal app.
I'm going to add a new survey functionality to the app. With the survey, it does not require user login and does not ask to create a new user account, but only the person receive the invitation link can visit. What I current save on the survey main table is the email address and person name going to receive the survey and one auto generated UUID. The survey link may be /survey/UUID.
How should I do it and how to secure the survey form?
What I was thinking is to create a new token for each survey use only and attchecd with the invitation link, and then validate that token. But because it does not ask the login, I cannot validate the token with email. Should I need a Recaptcha only? Or I need to the login here, or at least need to the user confirm his email address so the token can be verify?
You could use id (primary key) AUTO increment on the main table, and 10-15 char as password. you generate token based on your format such as url/id+password. Id is always unique so its guarantee that each user will have their own token.
I want to understand how to integrate auth of Google or Facebook with my database.
I have a login system with email and password, users table and messages table for that represent messages of users.
When someone registers, a new user with userID is created.
When a user login to the system with email and password he gets an auth token,
and for each action the user makes, like POST or GET requests for fetching or creating a new message, he sends the token he got and the system finds the userID by this token, and then finds his own messages.
Now I want to add Google and Facebook login, how should I do it now?
I can get from each of them a token. but the user isn't actually exists in my user table, so when I search the user by his token, I won't get anything, because he is not exists in the user table, and when I want to insert him to this table, I need to fill the password field there but I can't get it from google.
What should be the approach to do thing like this?
Thank you.
When they first login, you can request their email from Facebook or google, the user will give your application access to see their email address.
At this point you could create a new user with that email and add a flag to say they came from facebook/google.
The rest works as normal, they would get a token from your application and so on.
In case they come back and login again, you don't need to register them as they are already in your database.
In case you need extra info from them, (more then just the info you can request from facebook/google) you could redirect them to a special form, for their first login.
We are using OAuth2 to authenticate the users to DocuSign, after the authentication we use the AccountsApi call to get account information to get the account id of the logged in user. This is in the form of "ecsddfbfa5-13d2-4e8e-c49e-a214r166b987", so we save this login information. Now, when we receive the webhook notification on completion of an envelope, we get the account id as part of the custom fields and this is in the form of "7657898" (numeric). The issue is that we can't map the notifications with the user that initiated the signing.
One way of ensuring the account ID that you get from DS event notification is the same as the one that was used to login is to do a GET /v2/accounts/{numericAccountId} and compare its response.accountIdGuid with the one you got at login-time (most-likely from GET /oauth/userinfo).
See https://docs.docusign.com/esign/restapi/Accounts/Accounts/get/
In the DocuSign GUI it shows a number in the top right corner which I presume is the company account ID. If your user is in multiple company accounts then you can switch between these accounts and the number changes. My demo account ID's are 17107 and 1133955.
I cannot find a way to get this ID using the API. I need it because a customer has multiple accounts with the same company name and we need to show the same account ID to them so they can differentiate between the accounts in our GUI like they can in the DocuSign GUI.
With the Credential API I can get the list of accounts for the user but the account ID here is the API account ID which is a GUID, not an integer.
Using a simple Login API call you'll get a list of the user's accounts. Each of the loginAccount objects within that list also contains an accountId parameter.
Please see the documentation regarding the login_information REST API call:
https://www.docusign.com/p/RESTAPIGuide/RESTAPIGuide.htm#REST API References/Login.htm?Highlight=login_information