I am developing an iPhone application which has multiple logins, e.g. Facebook, Twitter and Google+. Now I want to enable multiple logins for the same user. So I have a doubt about what I can do after the user signs in with Facebook and then Twitter (without logging out from Facebook). I need a suggestion: if the user is logged in with Facebook and then wants to log in with Twitter, do I disable the Facebook sign-in button?
I also have a doubt: if in the Facebook profile the user has a name like "abc" and in the Twitter profile the user has a name like "xyz", then which information do I keep in the database of my app? Do I give priority to the user for storing user information in the database? For example, if there is a conflict of name then I can give priority to the user like 1st priority: Facebook, 2nd priority: Twitter and so on.
Do I have to create a separate UI for setting priority?
To answer your question:
The following parameters are considered:
1) How to support connecting multiple social platforms at the same time (link my Google+, Twitter, and Facebook accounts à la Quora/LinkedIn)?
2) How you would support login / sign up from the major social platforms?
3) How to support multiple logins from a single platform (e.g. login with more than 1 Facebook account)?
Some questions to OAuth Consent Screen:
Is any data that I input while configuring OAuth Consent Screen editable? For example if I decide to change my app's name, can I edit that?
Does the OAuth Consent screen need to be submitted/verified/published in order to use it to test features like achievements or leaderboards?
When choosing the support email, can I choose it from the list if I add that email to the project, or do I need to be logged in with that email and do the whole process from that account?
Is any data that I input while configuring OAuth Consent Screen editable? For example if I decide to change my app's name, can I edit that?
Yes, you can edit the consent screen in the Google Cloud Console for the project. The app will need to be verified again if you change things like name, description, or any of the URLs like privacy and home page.
Does the OAuth Consent screen need to be submitted/verified/published in order to use it to test features like achievements or leaderboards?
Not sure on this one. My guess would be no: if you're just testing something, it doesn't need to be verified until you are in production.
When choosing the support email, can I choose it from the list if I add that email to the project, or do I need to be logged in with that email and do the whole process from that account?
You need to create a Google user with that email address. Then you can add that user to your project and set them as the support email. They need to have access to the project; you can't just add anyone.
We create users with their email address. We send an email to each user with a link to the change password API with changePasswordId. When the user clicks the link, he will be redirected to the change password screen where he can set the password and access the application. This works.
But now we want to allow users to register with their social IdPs upon receiving the invitation/verification email. Can't see any FusionAuth documentation on this part.
Questions are as follows:
How to let the user select their social IdP while verifying their email?
Can a user have multiple logins with different IdPs for one application in FusionAuth?
Is there any linking API which links all external user accounts with their FusionAuth user account?
The flow we are expecting is:
Invite User -> User clicks link -> User will be presented with set password and social logins -> User chooses Google -> Google authenticates user and returns token back to FusionAuth -> FusionAuth links user's Google account with already created (invited) user account. -> Next time user logs in with Google account -> FusionAuth identifies the user and allows him to access the application.
Updated:
Let me try to explain our situation and need, with less focus on the password setup task:
We need to set up new users that are associated with Google-based education accounts on custom school domains: teachers and students that might have addresses like first.last#middle.school.com. We need to take the class roster from Google Classroom and initialize accounts for each student in our backend via our API, which also creates a FusionAuth user and app registrations for each.
Schools don't often want kids setting passwords on vendor sites. When we send the account confirmation / verification email to the new cohort of students they would ideally be directed to the approved and configured method for that domain (perhaps Google, Microsoft, other SAML or password). If we can't get selective about the confirmation method shown after the student provides her invited email address then we could present multiple confirmation options on the same screen and let the teacher direct the students to the correct choice.
But in summary we need to avoid requiring password setup and support confirmation with the invited social account when required by the school.
If I understand your use case correctly, what you want is to add the "Login with Google" buttons to the Setup Password workflow. This is different than the Email Verification workflow, so if you are looking for a way to log users in with their social profiles during Email Verification, that's something completely different. In fact, I don't think that is a use case because after the user verifies their email, they need to log in again and they can do that using their social profile.
Unfortunately, FusionAuth doesn't fully support the ability to allow someone to use the Setup Password workflow using a social login. It might be possible though using the Email Templates and Theme editor in FusionAuth. I haven't tested this, but you could try it and see if it works.
What you would do is to pass in a URL parameter to show the social login buttons during the Setup Password workflow. This would be something you could do in the email template for Setup Password like this:
Click this link to setup your password:
<a href="https://example.com/password/change/${changePasswordId}?showSocial=true">
Setup Password
</a>
Then, using the Theme editor in FusionAuth, you would add some code in to show the buttons like this (the ?? part is to handle when the parameter is missing):
[#if showSocial?? && showSocial]
show social buttons here
[/#if]
You could give that a try and see if it works for your use case. If it doesn't work, you can always open a feature request for this on our GitHub issue tracker and we can see if it receives enough upvotes to get on the roadmap. You can also engage FusionAuth professional services to build this feature for you as well.
For your other questions, you can have as many logins with external IdPs as you want for a single user. The user is unique by their email address.
I'm not sure what you mean by "linking api", but if a user logs in with an external IdP, their tokens from those external providers are stored on the user object. You can look up those values and then call third-party APIs with their access_tokens.
UPDATE 8/27/2019
Ah yes. The social login buttons do require all of the OAuth parameters, so this solution won't work because those parameters aren't part of the Setup Password workflow.
I guess I'm confused on how this actually works and whether or not this is a workflow FusionAuth should be handling. Social logins aren't generally used for account verification. They are normally used for account creation. For example, you could just send the student to FusionAuth before their account is created, they log in with their Google Classroom account, and then they have a FusionAuth account. Is there any reason the student can just log in after their account is created? Is that not essentially the same thing?
Could you do something where students that have accounts in Google Classroom are created in FusionAuth with a randomly generated 32-character password (for security), since they will be logging in with Google regardless? You can then just send them an email with a standard login link.
For students that log in with a username and password to FusionAuth directly, send them a Setup Password email. This will let them pick their own password.
In terms of account Linking, FusionAuth links accounts automatically based on email address (the unique login identifier actually). Therefore, you don't need to call any extra API to associate the social login with a user.
I might still not be clearly understanding the use case, so feel free to contact us directly using the form on our website. We might need to set up a web conference to discuss your needs in detail.
Does anybody know what will happen to my existing users when I change the Facebook app ID in the allauth (socialauth) configuration?
Will "login with FB" try to create new Django accounts or will it just log users in to existing ones (and obviously, asking via FB for permission)?
I'm in a situation where I have a large number of users signed up using FB but now I'm forced to create a new FB app and switch to it.
Have checked it out. The answer is yes, users will fall into the signup flow instead of being logged in.
It's because Facebook assigns app-scoped IDs to users. An app doesn't know the user's original ID; it gets a user ID generated especially for this app. For this reason django-allauth won't recognize existing FB users (from the previous FB app).
I've implemented Twitter Login in my iOS app with the following tutorial:
https://dev.twitter.com/twitter-kit/ios/twitter-login
But after I chose a Twitter account when I log in the first time, the app always defaults to this account. I would like to enable users with multiple accounts to select the Twitter account they'd like to log into each time.
How can I re-enable the UIActionSheet that allows the user to select which Twitter account they want to use for login?
There is a method Twitter.sharedInstance.logOut to delete the local Twitter user session. And you also should clear Twitter-related cookies in NSHTTPCookieStorage to prevent the use of old credentials in a further UIWebView-based login sequence.
The new Twitter Kit 3.0 now supports this flow by default. Every time that login is called, the user will be able to add or change their Twitter account.
I am adding Twitter and Facebook login to an MVC 3 test application using TweetSharp and Facebook C# SDK.
Currently when a user signs in using Twitter I create a user account for that user in a user table and store the id, token, and token secret in a separate table with a foreign key to the user table. Since the id, token and token secret do not expire I can quickly locate the right user account when the user logs in next time using Twitter.
What if the very same user logs in using Facebook next time? Since Twitter does not provide email in their API and I therefore have no common piece of information to tie a user account to either Twitter or Facebook I assume I have to create a new user account for a Facebook login? Does anyone have any experience with this? Are there any ways to solve this?
I identify each user internally with a unique key. I check cookies for the user key when any user hits the site. If there's no cookie I create a new key, add it to the user database and set a new cookie. Once a user completes registration the first time by logging in with any of Facebook, Twitter or .NET membership, that key is forever married to that user.
So when an existing Twitter user logs in for the first time with Facebook, we know who they are because their user key exists. It is basically the same solution as macou suggested. Macou's has the plus of working on a new machine or if cookies are cleared, the cookie solution has the plus of not requiring additional user input.
Not really a solution, more of a workaround. I was faced with the same problem and ended up forcing the user to complete their account profile by asking for their email address before allowing them to proceed any further. This meant that if the email address coming back with the Facebook auth matched the email address created with the Twitter sign-in then I didn't need to create another account.
The bigger difficulty was coming the other way, if the account was created by the Facebook auth first. It meant an untidy marry up of accounts.
To be honest the information we got from allowing users to sign in with Twitter was not worth the effort and in the end finished up only allowing Facebook auths. I'm not sure how important Twitter is to your solution.
Not the perfect answer I know, but I thought I would share my experience.
You can't use just a cookie because I can log in as Facebook, then my wife logs in as Twitter using the same browser; you shouldn't link the two accounts in this case.
I think you need to do more than that:
1) Use a cookie, then
2) Use name/first name/login name/... to see if they match.
Example:
1) Cookie id: 18459439731114330636, find user with id = 18459439731114330636. Found, go to 2; not found, go to 3.
2) Does username/first name/last name/... match the current user? If yes, link accounts. If not, go to 3.
3) Create a new user.
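
An added example, not code from any of the posts above: one way, in Python, to decide whether an incoming social login belongs to an existing local account. It links a new provider identity only when the user is already signed in or when the provider reports the email as verified, so a shared browser or an unverified address does not merge two people. `AccountStore`, `resolve_login` and the `email_verified` flag are names assumed for the illustration, and the sample logins are constructed.

```python
import itertools

class AccountStore:
    """In-memory stand-in for the user table and the linked-identity table."""
    def __init__(self):
        self.identities = {}       # (provider, provider_uid) -> local user id
        self.verified_emails = {}  # normalised verified email -> local user id
        self._next_id = itertools.count(1)

def resolve_login(store, provider, uid, email=None, email_verified=False,
                  session_user=None):
    """Map an external login to (local_user_id, outcome).

    session_user: user id authenticated in this session, else None.
    """
    key = (provider, uid)
    # An address counts only if the provider says it is verified.
    addr = email.strip().lower() if (email and email_verified) else None
    owner = store.identities.get(key)
    if owner is not None:
        # Known identity. Refuse to move it to a different signed-in user.
        if session_user is not None and session_user != owner:
            return None, "conflict"
        return owner, "login"
    if session_user is not None:
        # Explicit link requested by an already authenticated user.
        user, outcome = session_user, "linked_by_session"
    elif addr in store.verified_emails:
        # Implicit link, only because the provider vouches for the address.
        user, outcome = store.verified_emails[addr], "linked_by_verified_email"
    else:
        user, outcome = next(store._next_id), "signup"
    store.identities[key] = user
    if addr:
        store.verified_emails.setdefault(addr, user)
    return user, outcome

def demo():
    """Constructed logins covering the cases raised in the threads."""
    s = AccountStore()
    return [
        resolve_login(s, "facebook", "fb-1", "alice@example.com", True),
        resolve_login(s, "twitter", "tw-7"),                  # no email, no session
        resolve_login(s, "twitter", "tw-9", session_user=1),  # user 1 adds Twitter
        resolve_login(s, "google", "g-3", "Alice@Example.com", True),
        resolve_login(s, "other", "x-5", "alice@example.com", False),
        resolve_login(s, "twitter", "tw-7", session_user=1),  # owned by user 2
    ]
```

An anonymous visitor cookie is deliberately not accepted as `session_user`; only a session in which the user has already authenticated is.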