I'm using Devise with my Rails app and I'm looking at using the Omniauth-Facbook gem. My app has views that show the users's by user name. What I haven't been able to figure out is how I can prompt a user for a user name when doing this.
I know that I can request this from Facebook, if the user has created a FB user name. Many people have not specified a user name for their FB account, so this does not seem like the best approach. I've read other answers which indicate that perhaps the email should be used instead, which works if the user name is solely for logging on, but this is obviously not a good idea if the user name is going to be shown on user views.
If anyone could provide guidance on how to best prompt or get a user name while registering someone through Omniauth-Facebook, that would be very appreciated. Thank you!
when you sign up for facebook, then check whether they have username in the facebook, if no,then just redirect to your path to update the username?
Related
I am very new to Rails and before I get deep into the building process, would like to know if anyone knows of a way (or any articles--I've been searching and can't find exactly what I'm looking for) to do the following:
1) have a user login using omniauth
2) after logging in directing the user to set an anonymous username that will what shows for this user throughout the activity in the application (all omniauth use info remains private)
Is there a way to do this? I found this question login using facebook or create an account but I'm essentially having them login using facebook AND set an account of a sorts.
If anyone has any resources that could point me in the right direction, I'd appreciate it!
For some reason we need to provide a direct sign on link to our user by email.
something like:
www.website.com/user/sign_in/:hash
And the user click on the link he would be automatically sign in.
But I have no idea where to start and it doesn't seem to be built in the gem.
You'll want to use an auth token to sign the user in directly. This SO answer probably has all the details you need on getting this implemented properly.
I intend to build a customized logic on Devise on Rails. Here is the logic: user can try to login, and if the does not exist, then it will create the account for the user. Just to skip the registration process.
Now sure how to hack into Devise. Please help!
Thank you in advance!
Edit: Sorry that I didn't make it clear enough: I have implement the on-create-validation on the user model to authenticate with another system. Logic is:
If success with another system's authenticator, then create a new user with the same password and login user.
Else login fail.
You know that if someone make typo he will create new account and will be mad that all of his/her stuff disappeared? When there is small amount of user then it isn't problem. But when your society will grow then it can make you some black-PR. You should rather check by AJAX call that there is user with that email/username/nick and if not then show the registration form, but on other hand this can be security issue if your users are signing in using non-public data like email or if username is different from nickname shown on your page.
Why would you want to skip the registration process? I don't see any benefits.
First, the user can enter the wrong username or password by accident.
Second, the user can enter the right username, but the wrong password. So he/she already is a registered user, but still get a new account.
Third, when a new user is automatically registered, how does the user actually now what his username or more importantly, his password will be?
Personally, why not just add "Remember Me" or "Forgot Password?" to your login form. If, for any reason, the user doesn't want to enter his login data or simply doesn't know his password required to login he can use these options.
Or, if you are working with permissions, why not just make a guest user if someone is not logged in?
What if they type in the wrong password or username on accident? Then you just automatically create them an account? IMO that would be a bad user experience. You either know your account or you don't. If you have an account and can't remember then you use the 'Forgot my ...'. If you don't have an account, then you go signup. You could implement oAuth and use accounts from a multitude of sites (i.e. Github, Twitter, Facebook, etc.) that would make it easier.
I have created a public facing website which allows you to login using a username/password, or with Twitter, or with Facebook.
When logging in with Twitter for the first time (for example), a user is created in my database with a nickname matching the Twitter screen name. I want this nickname to always be unique.
The problem is that in some cases a user with that nickname already exists, so the user can't be added. I am unsure as to the accepted approach for this problem, the only solution I can see so far is to ask the user to override their nickname, but this doesn't seem too elegant.
The reason the nickname needs to be unique is not a code issue, but an interface issue, for example there are forums and I want each user to be uniquely identified by their nickname.
Are there any other methods anyone can suggest for dealing with this problem?
Edit: At the request of some of the replies I will clarify an example:
Lets say I have a user named Joe Bloggs who is a member on my website. He is not a member of Twitter or Facebook. His nickname on my site is JoeBloggs.
Then, another Joe Bloggs comes along, and wants to sign in with his Twitter account. His Twitter name is JoeBloggs, so when he signs in with Twitter, my system attempts to automatically set his nickname to JoeBloggs. However, this nickname already exists. What is the normal or best practice in the cases where nicknames like this overlap? The only thing I can think of is to prompt the user to specify a different and unique nickname (just for display on my site).
The reason I ask is that this must be a common issue for sites which let you login via Facebook, Twitter, Yahoo - there must be an overlap in the names which are returned from said websites, so I wondered what the normal process is.
Could you use the Twitter API to confirm they really are the Twitter ID they say they are, and if no Twitter account, allow them other means to authenticate (Google+, Facebook, LinkedIn, old school username and password)? Allowing users to login with a Twitter ID that they don't own seems like asking for a world of hurt.
Maybe you could try and change the database itself - get a field like 'nickOrigin', allow there values like '[yourSite]', 'twitter', etc., and only allow new entries if no entry with the same nick AND nickOrigin exists. Execute a query to modify existing users to have a nickOrigin of [yourSite], and things should be backwards compatable, or at least I imagine them that way :)
I have a signup form, and I wanted to make it so that they have the option of recommending this signup to all their friends in facebook.
Is there a rails API/gem for doing this?
Is there an appropriate name for this?
Thanks!
Looking at the Extended permissions documentation, you don't get access to the email addresses of a Facebook user's friends (search for email and note the second column reads not available). If that's what you're trying to achieve, it's almost certainly not possible, without the user contacting each friend and asking them to visit your app (which I would imagine would have quite a low take-up, if only through inertia).
I guess you have two options:
popup a javascript before submitting the form to prompt the user wether he wants to share it with friends. You will use the js api http://github.com/facebook/connect-js (see the dialog section). This solution would avoid doing server side connection to the facebook api
Have a look a the Facebooker gem to do a stream_publish