django-allauth: connecting a user with Fb when a previous user hasn't logged out - django-allauth

I'm using django-allauth for Facebook Connect (with the JS SDK). It works fine for a user. Now consider the following scenario:
1. User A is logged in through Fb.
2. User B logs user A out of Fb on the machine and logs himself in.
3. User B then tries to log in with Fb on my website (user A didn't log out).
This either gives a Fb dialog error saying "user A has logged out", or it takes me to /accounts/facebook/login/token (in the case of an existing user) and to /accounts/social/connections, saying "you can log in through any of the third party accounts -> User A or User B" (in the case of a new user).
How do I deal with this scenario? I want user B to be able to log in seamlessly through Fb (even if user A didn't log out).

Up to 0.11.1 accounts were implicitly connected when you logged in using a social account while a user was already logged in. Therefore, your scenario could not be handled properly. In current master this has been addressed -- the resulting default flows now match your expectations.

Related

Firebase multiple iOS app sms signup

In my Firebase project, I have 2 apps: one for the user and one for the driver. I'm using phone/SMS authentication plus email and password for users to sign up.
It works fine if the user uses a different phone/phone number to sign up to the two different apps.
However, when I sign up using the same phone/phone number on both apps (in the case where I am both a user and a driver), it throws this error:
Signup error: Error Domain=FIRAuthErrorDomain Code=17015
"[ERROR_PROVIDER_ALREADY_LINKED] - User can only be linked to one
identity for the given provider."
UserInfo={NSLocalizedDescription=[ERROR_PROVIDER_ALREADY_LINKED] -
User can only be linked to one identity for the given provider.,
error_name=ERROR_PROVIDER_ALREADY_LINKED}
That's because Phone Authentication only allows a single session per user. You cannot be logged in on 2 devices at the same time, for security reasons.
If you want to allow your users to log in to both apps at the same time, you should consider using a different Auth Provider, maybe Email/Password.
ERROR_PROVIDER_ALREADY_LINKED is thrown when you try to link a credential to a Firebase user when that user already has a credential linked for that type of provider.
In your situation, I speculate, the user already has a phone number and you are trying to link another phone credential to the same user.

What is the best way to handle connection to many Twitter accounts?

My application needs a Twitter account to create an account and authenticate. Then, the user can link any other Twitter accounts as he likes. So, a user has ONE main Twitter account which allows him to connect to my app; then he can browse all the accounts he has previously linked in the app. My question is about the login process on the Twitter side.
First, I thought about setting force_login only when linking a new account. This way, the user does not have to reconnect on Twitter each time he wants to connect to my app, and when he wants to link another account, force_login forces him to choose the right account. The problem is that Twitter stays connected to the last authenticated account. So, if the user logs out from my app just after linking another account, then logs in with Twitter, he logs in with the second account and creates a new user on my app. Example:
The user has two Twitter accounts: #a and #b. He's authenticated to Twitter with #a. He signs up to my app, Twitter shows him the permissions asked for by my app, the user accepts, he's redirected to my app, and a new User which can auth with #a is created.
Then, he links the #b account. Thanks to force_login, Twitter asks him for credentials. The user logs in to #b, Twitter asks for permissions, then the account is linked to the user on my app. We now have a user who can auth with #a and who is linked to #b.
Then the session on my app is over and the user needs to reconnect. Because there is no force_login, Twitter sees he's already connected with an account which authorised my app, so the connection is accepted without any action from the user. But what nobody sees is that the user was connected with the last account: #b. So I get a signin action with #b, which means a new user creation.
I now have two users: User1, which can auth with #a and is linked to #b, and User2, which can auth with #b. And my user doesn't understand where his #a account is.
So my question is: do I have to set force_login anywhere? Or is there another way to tell Twitter not to authenticate when linking an account?
EDIT, for more details:
It's not so easy. Keep in mind that many users should be able to manage the same account. A simple example: #Maurice and #Roy are members of the #ReynholmIndustries corporation. They will create their own accounts on my service with their own accounts on Twitter. So on my service, I will have User1, which can connect with #Maurice, and User2, which can connect with #Roy. Then, #Maurice will add the #ReynholmIndustries account to my service. So, after logging in with #Maurice, he can manage #Maurice and #ReynholmIndustries. Then, #Roy will add #ReynholmIndustries too. Nobody can log in with #ReynholmIndustries, but #Maurice and #Roy, with their own accounts, can manage it. And then, it's obviously possible that someone creates a new user by signing up with #ReynholmIndustries.
The difficulty is when adding a new account: UserA signs in to my service by signing in on Twitter. He's now authenticated as #Maurice, and on my service as UserA, and can manage #Maurice. Then, he adds #ReynholmIndustries by signing in to Twitter as #ReynholmIndustries. He's now authenticated on my service as #Maurice and can manage #Maurice and #ReynholmIndustries, but on Twitter he's now authenticated as #ReynholmIndustries.
Later, he loses auth on my service and clicks on the signin button. He's redirected to the Twitter OAuth form and we now have two options:
without force_login: he is authenticated as #ReynholmIndustries because it is the last account he signed in with. So Twitter doesn't ask him to auth and he's automatically redirected to my service, but not as UserA, who auths with #Maurice, but as a new user: UserC, which will auth with #ReynholmIndustries. UserC can manage only #ReynholmIndustries because he's a new user.
with force_login: even if he is authed as #ReynholmIndustries on the Twitter side, he will need to give login/pass and he will be sure to choose the correct account, #Maurice, to access UserA and manage the two accounts. But he will always have to give login/pass every time he has to auth to my service.
Writing this, I realise it is not a problem: if my service had local auth, the user would also have to type login/pass every time he loses auth… maybe force_login really is the correct option. What do you think about all of this?
To me it looks like your problem is not related to Twitter at all. You just need to handle the login / sign-up process properly in your application.
Here is what happens, according to your description:
1. The user signs up with the #a account.
Internally you create the user profile in your database (I assume that you have a database; it doesn't really matter what kind), like this:
    User A
      id = 1 (your internal id)
      name = UserA
      accounts (related table)
        twitter #a
2. The user adds one more (#b) account.
You update the user profile like this:
    User A
      id = 1
      name = UserA
      accounts
        twitter #a
        twitter #b
3. The user signs out.
4. The user logs back in with the #b account.
5. Twitter approves it and redirects back to your app.
Now you say "So, I get a signin action with #b, which means to a new user creation." Why so? Twitter knows nothing about your application, but you do know it.
What you want to do here is just search through your database, find that you already have the "twitter #b" account and that it is linked to "UserA". Then you just log "UserA" in to your application instead of creating a new user (you don't want different users with the same Twitter account anyway, so the Twitter account id should be unique in your database).
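The lookup this answer describes, written out as an added Python example (it is not code from the question or the answer, and not from any library): an in-memory stand-in for the users table and the related accounts table, where the (provider, external id) pair is the unique key. A provider callback is resolved by that key alone, so a redirect that arrives with #b lands on the user that already owns #b instead of creating a second user; the current session is deliberately not consulted, which is also the implicit-connect mistake the django-allauth answer above refers to. Names such as `AccountStore` and `sign_in_with_provider` are this example's own.

```python
from dataclasses import dataclass


@dataclass
class User:
    id: int
    name: str


class AccountStore:
    """Constructed in-memory stand-in for two tables: users, and the related
    accounts table keyed by (provider, external id). The key is unique, which
    is the constraint the answer says the Twitter account id should carry."""

    def __init__(self):
        self.users = {}          # internal id -> User
        self.accounts = {}       # (provider, external_id) -> internal user id
        self._next_id = 1

    def create_user(self, name):
        user = User(self._next_id, name)
        self.users[user.id] = user
        self._next_id += 1
        return user

    def link(self, user_id, provider, external_id):
        """Explicit 'link another account' step. Refuses to move an external
        account from one internal user to another."""
        key = (provider, external_id)
        owner = self.accounts.get(key)
        if owner is not None and owner != user_id:
            raise ValueError(
                f"{provider} account {external_id} is already linked to user {owner}")
        self.accounts[key] = user_id

    def owner_of(self, provider, external_id):
        return self.accounts.get((provider, external_id))


def sign_in_with_provider(store, provider, external_id, display_name):
    """Resolve a provider callback to an internal user. Returns (user, created).
    Only the external identity is consulted, never whoever is currently logged
    in on the site, so a callback for an already-linked account always logs in
    its owner and creates nothing."""
    owner_id = store.owner_of(provider, external_id)
    if owner_id is not None:
        return store.users[owner_id], False
    user = store.create_user(display_name)
    store.link(user.id, provider, external_id)
    return user, True


def run_twitter_scenario():
    """Replays the question's scenario: sign up with #a, link #b, then come
    back from Twitter as #b after the site session has expired."""
    store = AccountStore()
    user1, _ = sign_in_with_provider(store, "twitter", "a", "UserA")
    store.link(user1.id, "twitter", "b")
    # Session expired; Twitter redirects back with its last-used account, #b.
    who, created = sign_in_with_provider(store, "twitter", "b", "UserB?")
    return store, user1, who, created


if __name__ == "__main__":
    store, user1, who, created = run_twitter_scenario()
    print(f"logged in as {who.name} (id {who.id}); created new user: {created}")
```

Because `link` rejects a second owner for the same external account, the two-user outcome the question describes (User1 linked to #b and a separate User2 that auths with #b) cannot be stored in the first place.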

Facebook login two users

I am working on an app idea and I am curious if a procedure I am thinking of will work.
When a user opens my app, he/she should log in with his Facebook credentials and confirm some permissions. Then a second user should log in with his/her credentials and confirm the same permissions.
After the two confirmations I would want to save both credentials (and access tokens?) for future use of the app. So every time the app starts, both users get verified with their Facebook accounts, and the app gets activated and can be used.
If I understand the Facebook iOS API correctly, it is not possible to log in two accounts at once. So how do I:
1. Start the app
2. Log in user 1
3. Save name and gender for user 1 in a dictionary (do I need to save username and password?)
4. Log out user 1
5. Log in user 2
6. Save name and gender for user 2 in a dictionary (do I need to save username and password?)
7. Log out user 2
8. Activate the app
The above procedure should run every time the app starts.
I looked at the example app with the iOS SDK (SwitchUser), but I just do not understand where the access tokens are saved and how they can be accessed/used to accomplish the procedure described above.
All the help would be appreciated! Thanks!

Get notified of user change in Facebook app/or mobile safari

I am using Facebook SDK 3.5.1 in my app. My requirement is this: I have logged in to the app via Facebook with one user (say user A), and now if I log in with another user (say user B) in Mobile Safari or the Facebook app (whichever is available), can my app get notified that a user other than the one logged in to the app has logged in?
Any references or ideas?
The user logged in is still A. When the Facebook SDK performs a login, a token is obtained and stored locally in your application data; as long as this token is still valid, user A stays logged in. When the token expires there are 2 options: the FB library renews the token silently and user A stays logged in, or the library needs to authenticate the user again, at which point it's possible that a login dialog is presented by the FB library, or the session expires and so a logout happens, and after a new login process the logged-in user will be B. In the case of iOS 6 with a Facebook account it's pretty much the same, apart from the renew process, so the renew could possibly fail earlier because the user has changed... In the end, no, the library doesn't notify you that the user has changed; the app will just be logged out when the FB session expires.

Linking new users signed in via Facebook connect to existing accounts

I have recently implemented login to my site via Facebook Connect. So now users have 2 ways of logging in to the site: the old way of registering an account, and the new way (Facebook Connect).
One thing I would like to do is link a new Facebook Connect user account to an existing account if they logged in the old way.
Has anyone had any success doing this?
Very good question, I think, and lots of people will benefit from an answer.
What you need to remember is that accounts are only linked so long as they are authorised to be linked through Facebook. What you should do is maintain a second table of linked accounts in your database so that you know who is who and whether they are linked with Facebook.
You should read this integration comment; it provides a lot of useful information.
http://crazyviraj.blogspot.com/2010/01/test-cases-for-basic-facebook-connect.html
It doesn't really say how to do things, but it makes sure you tick all the boxes of what you should be doing, i.e.:
- Sign Up should fail if the user denies permission to the app (category: sign up)
- Since we need access to an email address, Sign Up should fail if the user provides publish permission but denies email permission (category: sign up)
- If the user provides an email address that already exists in your system, fail Sign Up. Make sure no YouFace backend tables are modified (category: sign up, 1:1 mapping). PS - when this happens, I didn't find a way for you to de-authorize YouFace on the Facebook user's behalf. The user must manually do this if they wish to use the same account but provide a different email address.
- Accounts created using Facebook Connect should not be able to login using YouFace's default email/password login system (category: sign in, account security). PS: Since YouFace accounts require a password and those created using Facebook Connect don't, make sure to insert a random password hash into your table to avoid silly errors
- Accounts created using YouFace should be able to sign in without requiring to be signed into Facebook, even when a link to a Facebook account exists (category: sign in)
And many more.
You should be asking for permanent access through FB Connect authentication. Once you've done that, you'll get a token which gives you permission to access someone's Facebook information, and that token will not expire unless the user explicitly removes you from the permission list or changes his/her password.
Once you have the token, associate that token with the user / create a new field in your user table to store it.
To associate the user with a Facebook account without the user logging in, you can try to match by email. It's not 100% accurate but it's pretty good. Facebook doesn't give you email addresses in text form, but you can get email hashes from FQL. Since you already know your users' email addresses, you can calculate the hash for all of your user emails and search through your user base for matches every time a new Facebook Connect user signs up.
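The sign-up and sign-in rules from the checklist quoted in the first answer, plus the stored-token field from the second, as an added Python example (not code from either answer, from the linked blog post, or from any Facebook SDK). Permission names, profile fields and the `Site`, `Account` and `SignUpError` names are this example's own constructed stand-ins; the only real call is `hashlib.pbkdf2_hmac` for the local password hash. The points it demonstrates: sign-up fails without the email permission, fails without touching any table when the email is already registered, a Connect-created account gets an unusable random password hash so the email/password login cannot be used for it, and a locally created account still signs in with its password after a Facebook link has been added.

```python
import hashlib
import secrets
from dataclasses import dataclass
from typing import Optional

PBKDF2_ROUNDS = 100_000


class SignUpError(Exception):
    """One of the checklist's sign-up rules was violated."""


@dataclass
class Account:
    email: str
    password_hash: str                  # "!<random>" marks an account with no usable password
    facebook_id: Optional[str] = None   # the "second table" of linked accounts, inlined
    facebook_token: Optional[str] = None


def hash_password(password: str) -> str:
    salt = secrets.token_hex(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt), PBKDF2_ROUNDS)
    return f"pbkdf2${salt}${digest.hex()}"


def unusable_password_hash() -> str:
    """Random value that verify_password never accepts: the 'random password hash'
    the checklist says to insert for accounts created through Facebook Connect."""
    return "!" + secrets.token_urlsafe(32)


def verify_password(password: str, stored: str) -> bool:
    if stored.startswith("!"):
        return False
    _, salt, digest = stored.split("$")
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt), PBKDF2_ROUNDS)
    return secrets.compare_digest(candidate.hex(), digest)


class Site:
    """Constructed in-memory stand-in for the site's user table."""

    def __init__(self):
        self.by_email = {}
        self.by_facebook_id = {}

    def register_local(self, email, password):
        if email in self.by_email:
            raise SignUpError("email already registered")
        acct = Account(email=email, password_hash=hash_password(password))
        self.by_email[email] = acct
        return acct

    def connect_signup(self, granted_permissions, profile, token):
        """Sign-up via Connect. Every check runs before any write, so a failed
        sign-up leaves the tables untouched (the '1:1 mapping' rule)."""
        if "email" not in granted_permissions:
            raise SignUpError("sign up requires the email permission")
        email = profile["email"]
        if email in self.by_email:
            raise SignUpError("email already registered; no tables modified")
        acct = Account(email=email, password_hash=unusable_password_hash(),
                       facebook_id=profile["id"], facebook_token=token)
        self.by_email[email] = acct
        self.by_facebook_id[profile["id"]] = acct
        return acct

    def link_facebook(self, acct, profile, token):
        """Explicit link from an already signed-in local account."""
        existing = self.by_facebook_id.get(profile["id"])
        if existing is not None and existing is not acct:
            raise SignUpError("facebook account already linked to another user")
        acct.facebook_id, acct.facebook_token = profile["id"], token
        self.by_facebook_id[profile["id"]] = acct

    def password_login(self, email, password):
        acct = self.by_email.get(email)
        if acct is None or not verify_password(password, acct.password_hash):
            return None
        return acct

    def facebook_login(self, facebook_id):
        return self.by_facebook_id.get(facebook_id)
```

The stored token is kept on the account as the second answer suggests; matching existing users by email hash is left out because the hash format the answer relies on is not given on this page.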