Apple SignIn is designed in a way that you only receive the email-address and the users name during the initial signin / when you create an account. My App is running on a parse backend, so when a user signs in the first time I create a parse user and save the name and email to it. The user can delete the account in my app - when he does, I delete the parse user object which includes the id and the token, but also email and name. When a user decides to reregister, Apple assumes that he already has an account and only gives me the id and token, with which I can create a new parse user but I cannot get the email / name again. Is there any proper way to handle this issue?
You need to revoke the user token when the user deletes his account.
You can do it by using Apple API explained here in Apple docs
Once you do it, when a user deletes his account and sign in again, you will get his email and name, as if it is his first time login in your app!
Related
I am using Apple sign in to login users to my app and then authenticate on firebase. Now sometimes users do not share their email in which case Apple provides a fictious email. After sign in am storing the emails in a database by verifying them first with firebase. I update the fictious email with a real one first on firebase and then send verification email. After updating the primary email on firebase, can the user loggin again with Apple given that Apple will still provide the old fictious email.
FirebaseUser firebaseUser = await FirebaseAuth.instance.currentUser();
await firebaseUser.updateEmail(email);
await firebaseUser.sendEmailVerification();
If you update the email of a user using "Sign in with Apple", the user will still be able to login as they normally do.
Notice that there are 2 emails on the account, one set at the provider level (eg. user.providerData[0].email) and one at the top level (user.email).
On account creation (first sign up with Apple), both emails will be set to the one provisioned by Apple. After the updateEmail operation, the top level one (user.email) will be updated but the other one (user.providerData[0].email) will remain the same.
As the title suggests, I have implemented Sign in with Apple. After submitting my app online, I found that I can not get the user's email while I can get the username.
I collect the username and email and I found I can not get user email sometimes when the user first authorizes my app. Any reply appreciated!!!
The section Send Information to Your App Servers on the Apple Developer website states that this information is only returned to you the first time the user authenticates with Apple Sign In. You will need to store those details yourself in order to retrieve them again on subsequent logins.
i am working on a project that sent a URL link to a user and the user has to put the user account information to log into that account .Is there any way to implement the user account information to that link in order the user won't type every time his account information when he receiving his information?.
You will need to generate an unique link and tie it with the user for a specific period of time (for security reason). Then send the link to the user so that he/she can login using that link within that specific period of time. If that time is passed, he/she will need to request a new link.
So here's the step by step breakdown:
1. User inputs his email/phone number.
2. You check on the database if there's any user available for that email/phone number in your database. If user found, you will need to store an unique token for that user and store it.
3. Generate the link with that token.
4. When user click on the link, match the token with your database and user, and if it matches that means user is authorized and let him login. Delete the token.
Let me know if you need any more explanation.
I want to give the opportunity for a user of an app to register/login with Facebook or by creating an account. I know that I can get the user's Facebook account email address, and their first and last names. That's basically the only information for creating a 'local' app account, apart from a password. How can I make sure that if that person logs in to Facebook on another device, that their two devices are linked to the same 'local' account? (i.e if they choose to sign in with Facebook with 2 devices, I only want one local account to be created on my server for that user).
Ideally, I want the login schemes for both to be identical. So if that user logs in with Facebook, I can check (securely) that the FB account is linked to a 'local' account, and automatically log that device in without making the user type in a password. Is this possible?
Edit: The 'local' users will be stored in a database on my server, and the front end will be done in Python running alongside the API for the app. Note that 'local' is just referring to the fact that it uses my app web service rather than an external social network.
You can do that within your users database as per below:
assuming you store the user data in a table named userinfo, this table should contain user e-mail, first name, etc..
Add another column in this table named fbemail.
If users signs in using web service, his email will be saved in the email field & the fbemail should be null, if signs in using FB, then both email & fbemail should be the extracted email.
when the user uses FB login, check the fbemail field, if not found, then this is a new user, add his data, if not, then this is a returning user, no need to add his data.
Option 1.
You can identify your Facebook user by his Facebook User ID. If he logs in using Facebook on other device you know it cause he sends you his Facebook User ID in the authentication process. He also sends you Facebook access token which you validate contacting Facebook to see if it is correct. Using this approach you have to have a different authentication scheme for Facebook user and "normal", email user.
Option 2.
To have the same login scheme you can use Facebook to get user email and prepend it in the email text field in your registration screen. The user would need to additionally provide a password. This means that you are not really doing a Login with Facebook, but use Facebook to obtain an email (and any additional information) so the user does not have to type it.
This is an old post but still very valid. You are correct, anybody who has your FB email could potentially access your server rest-api and log into it. To access a backend service you will need to use as password the FB access token generated during the FB log-in. This is stored in the device keychain and can be retrieved as:
NSString *accessToken = [[FBSDKAccessToken currentAccessToken] tokenString];
NSString *userID = [[FBSDKAccessToken currentAccessToken] userID];
The topic of using a FB authentication system in parallel to a custom login/registration system is covered in this FB guide: Using Facebook Login with Existing Login Systems.
In sum, different scenarios need to be addressed:
A person signs up for your app using their email and password, but later they want to use Facebook Login to obtain data from their Facebook account, to post to their timeline, or just to use to log in with in future.
A person signs up for the app using their email and password, but later chooses to log in with Facebook separately. This guide assumes that the email supplied first and the primary email associated with their Facebook account are the same.
A person signs up for the app using Facebook Login and later wants to log in to this account using an email address and password.
The guide recommends using two different tables for the FB log-in and the custom login.
I have recently implemented login to my via facebook connect. So now users have 2 ways of logging in to the site. The old way of registering an account and the new way (facebook connect).
One thing I would like to do is link a new facebook connect user account to existing accounts if they logged in the old way.
Has anyone had any success doing this?
Very good question I think and lots of people will benefit from an answer.
What you need to remember is that accounts are only linked so long as they are authorised to be linked through Facebook. What you should do is maintain a second table of linked accounts in your database so that you know who is who and if they are linked with Facebook.
You should read this integration comment, it provides a lot of useful information.
http://crazyviraj.blogspot.com/2010/01/test-cases-for-basic-facebook-connect.html
It doesn't really say how to do things, but it makes sure you tick all the boxes of what you should be doing.
ie:
Sign Up should fail if the user denies
permission to the app (category: sign
up)
Since we need access to an email
address, Sign Up should fail if the
user provides publish permission but
denies email permission (category:
sign up)
If the user provides an email address
that already exists in your system,
fail Sign Up. Make sure no YouFace
backend tables are modified (category:
sign up, 1:1 mapping) PS - when this
happens, I didn't find a way for you
to de-authorize YouFace on the
Facebook user's behalf. The user must
manually do this if they wish you use
the same account but provide a
different email address.
Accounts created using Facebook
Connect should not be able to login
using YouFace's default email/password
login system (category: sign in,
account security). PS: Since YouFace
accounts require a password and those
created using Facebook Connect don't,
make sure to insert a random password
hash into your table to avoid silly
errors
Accounts created using YouFace should
be able to sign in without requiring
to be signed into Facebook, even if
when a link to a Facebook accounts
exists (category: sign in)
Any many more
You should be asking for permanent access through fb connect authentication. Once you've done that, you'll get a token which gives your permission to access someone's Facebook information, and that token will not expire unless the user explicitly removes you from the permission list or changes his/her password.
Once you have the token, associate that token with the user / create a new field in your user table to store it.
To associate the user with a Facebook account without the user logging in, you can try to match by email. It's not 100% accurate but it's pretty good. Facebook doesn't give you email addresses in text form but you can get email hashes from FQL. Since you already know user email addresses, you can calculate the hash for all of your user emails and search through your user base for matches every time a new Facebook Connect user signs up.