So there are definitely many tutorials out there regarding how to integrate various individual social network authentication/registration into existing user accounts. But the scenario I can't seem to find out much information about is if a user signs into your account with different social network credentials. For example:
Scenario #1
User registers on site using site's authentication.
User then signs in/registers on site using Facebook Connect.
User then signs in/registers on site using Twitter.
How do I integrate all of these into one account?
Obviously once a user is registered, they can add other social network associations in the account settings pages. But I am more concerned if they register via the other social network, not remembering they are already set up.
My general thoughts are trying to figure out a way to use the "username" or email to try and guess and present the user a way to combine accounts right there.
Anyone have any thoughts?
-
Here's how it works
Instead of a one-to-one (userID<->eMailAddress), user accounts become one-to-many (userID<->OpenID|FB|Twitter|Google|Aol).
The first time they sign up using one of the connections you create a unique ID entry in your users list representing that person. Then you associate that unique id with the FB/OpenID/Twitter account.
On your site, that user is represented by the ID you assigned them when they first signed up. When they associate more accounts with that ID it gives them more redundant ways to access that account.
I.e., user accounts on that type of a site are one-to-many. So a user could have a GMail OpenID account, an AOL OpenID account, a Facebook account, and a Twitter account all associated with a single ID on your site. That way, if they forget the password or cancel one of those accounts they can still connect with the others.
Your authentication just verifies that they are who they say they are through the third party API and opens a session with their ID specific to your site when they login.
If they forget their password, give the option to send it as a message to one of the accounts that are associated with the external IDs.
OpenID and third party authentication has the advantage that it isn't tied to any single external ID so you don't even need to store an eMail address. This is a huge benefit because: one, users are reluctant to give away email addresses these days due to the high volume of spam that comes with it; and two, users often change emails and forget about orphaned accounts that may be associated with that email.
Note: The way you present your question is from a webmaster/web developer's point of view. I would direct this answer to stackoverflow.com as off-topic, but it doesn't quite fit there either. I suggest you commit to the Pro Webmasters FAQ site that's on the verge of being released into private beta because you'll find much better info there. I.e., this would be a perfect question for that site.
Matt: Thanks for your answer. I guess I misunderstood the nature of this site. Sorry about that. Regarding your answer, I understand how to do that part; the scenario I am thinking about is more like the following: user signs into my site using Twitter auth. User has not registered before, so he is added as a new user with a link to that Twitter account. Same user signs into my site again using Facebook auth, forgetting that he/she already signed in previously with Twitter. So this is kind of a new user, but I need to link it to the already created account somehow. I guess use email address?
Evan Plaice: @Matt I see. In that case, you'd need a way to merge the two accounts together into one because each would have a unique ID account number on your site. Tying accounts to an email address as the default identity is no better than having Twitter/FB because people often change email identities more often than Twitter/FB. This would have to be a special administrative task where you'd probably need to authenticate the identity of the user across both accounts using an email.
Evan Plaice: @Matt Hopefully this is a rare exception on your site because it will be such a pain to deal with. The easy way out would be to just tell your user to delete one of the accounts and keep the other as the primary.
From Evan Plaice
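A minimal sketch of the one-to-many model from the answer, together with the duplicate-account case raised in the comments. It is an added example, not code from the original posts. The table names, function names and the `proven_user_ids` parameter are assumptions. It also assumes `subject` is the stable account ID your server received from the provider after verifying the login, and that a merge is allowed only when the same session has signed in with an identity from each account.

```python
import sqlite3

SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY AUTOINCREMENT);
CREATE TABLE identities (
    provider TEXT NOT NULL,          -- e.g. 'twitter', 'facebook', 'openid'
    subject  TEXT NOT NULL,          -- stable account id verified with the provider
    user_id  INTEGER NOT NULL REFERENCES users(id),
    PRIMARY KEY (provider, subject)  -- one external account maps to one local user
);
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def _owner(db, provider, subject):
    row = db.execute("SELECT user_id FROM identities WHERE provider=? AND subject=?",
                     (provider, subject)).fetchone()
    return row[0] if row else None

def sign_in(db, provider, subject):
    """Return the local user id for a verified identity, creating one on first use."""
    user_id = _owner(db, provider, subject)
    if user_id is None:
        user_id = db.execute("INSERT INTO users DEFAULT VALUES").lastrowid
        db.execute("INSERT INTO identities VALUES (?,?,?)", (provider, subject, user_id))
    return user_id

def link(db, session_user_id, provider, subject):
    """Attach another verified identity to the user who is already signed in."""
    owner = _owner(db, provider, subject)
    if owner is None:
        db.execute("INSERT INTO identities VALUES (?,?,?)", (provider, subject, session_user_id))
    elif owner != session_user_id:
        raise PermissionError("identity belongs to another account; merge needs proof of both")
    return session_user_id

def merge(db, keep_id, drop_id, proven_user_ids):
    """Merge two local accounts only if this session authenticated as both (assumed policy)."""
    if not {keep_id, drop_id} <= set(proven_user_ids):
        raise PermissionError("user must sign in with an identity from each account first")
    db.execute("UPDATE identities SET user_id=? WHERE user_id=?", (keep_id, drop_id))
    db.execute("DELETE FROM users WHERE id=?", (drop_id,))
    return keep_id
```

After a merge, every identity that pointed at the dropped account resolves to the kept one, so either provider opens the same local session.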