All geek questions in one place

What is the best way to connect with many Twitter accounts?

My application needs a twitter account to create an account and authenticate. The user can then link any other Twitter accounts as he likes. Thus, the user has one main Twitter account that allows him to connect to my application, and then he can view all the accounts that he previously connected in the application. My question is about the Twitter login process.

First, I only thought about setting force_login when linking a new account. Thus, the user does not need to reconnect to Twitter every time he wants to connect to my application. And, when he wants to link another account, force_login will force him to choose the right account. The problem is that Twitter stays connected to the last authenticated account. So, if a user exited my application immediately after linking to another account, log in using twitter, log in with a second account and create a new user in your application. Exemple:

The user has two accounts: @a and @b. He authenticated on Twitter with @a. He logs into his application, Twitter shows him the permissions set by my application, the user agrees, he redirected my application, a new user who can create using @a. He will then link the @b account. Thanks to force_login , Twitter asks him to provide credentials. User login at @b, Twitter asks for permissions, then the account is associated with the user in my application. Now we have a user who can work with @a and who is associated with @b. Then the session in my application is completed, the user must reconnect. Since there is no force_login , Twitter sees that it is already connected to the account that authorized my application, so the connection is accepted without any action by the user. But no one sees that the user was associated with the last account: @b. So, I get the signin action with @b, which means creating a new user. I now have two users: User1, which can auth with @a and is associated with @b and User2, which can work with @b. And my user does not understand where his @a account is located.

So my question is: do I need to set force_login anywhere? Or is there another way to tell Twitter not to authenticate when linking an account?

EDIT for more information:

It's not so easy. Keep in mind that many users must manage the same account. A simple example: @Maurice and @Roy are members of @ReynholmIndustries Corporation. They will create their account on my service with their twitter account. Therefore, on my service, I will have User1, which can connect to @Maurice and User2, which can connect to @Roy. Then @Maurice will add the @ReynholmIndustries account to my service. So, after logging in with @Maurice, he can control @Maurice and @ReynholmIndustries. Then @Roy will add @ReynholmIndustries. No one can log in with @ReynholmIndustries, but @Maurice and @Roy, and their own account, can manage it. And then it’s obvious that someone will create a new user by subscribing to @ReynholmIndustries.

The difficulty is adding a new account: UserA to log in to my service by subscribing to Twitter. Now it has authenticated as @Maurice and on my service as UserA and can control @Maurice. He then adds @ReynholmIndustries, following Twitter as @ReynholmIndustries. He is now authenticated on my service as @Maurice, can control @Maurice and @ReynholmIndustries, but on Twitter he is now authenticated as @ReynholmIndustries. Later, he lost authorization on my service, and he pressed the login button. It was redirected to the twitter oauth form, and now we have two options:

  • without force_login: it is authenticated as @ReynholmIndustries because it is the last account with which it signed up. Thus, Twitter does not ask him to authorize, and he is automatically redirected to my service, but not as UserA, which works with @Maurice, but as a new user: UserC, which will work with @ReynholmIndustries. UserC can only control @ReynholmIndustries because he is a new user.
  • with force_login: even if he works with @ReynholmIndustries on the side of Twitter, he will need to provide a username / password and he will definitely choose the correct account: @Maurice to gain access to UserA and manage two accounts. But he will always have to give a login / pass every time he has to authorize on my service.

Writing this down, I understand that this is not a problem: if my service had a local out, the user would also have to enter a username / password every time he lost auth ... maybe force_login is really the right option. What do you think of all this?

+5
source share
1 answer

To me, it seems like your problem is not related to Twitter at all. You just need to properly process the login / registration process in your application.

Here's what happens according to your description:

  • User signs up with @a account
  • Internally, you create a user profile in your database (I assume that you have a database, it does not matter which database), for example:
    • User A
    • id = 1 (your internal identifier)
    • name = UserA
    • accounts (linked table)
      • twitter @a
  • User adds another (@b) account
  • You update the user profile as follows:
    • User A
    • id = 1
    • name = UserA
    • bills
      • twitter @a
      • twitter @b
  • User Signs
  • User logs in with @b account
  • Twitter approves it and redirects back to your application.

Now you say: "So, I get the action with @b, which means creating a new user." Why is that? Twitter knows nothing about your application, but you know it.

What you want to do is just search the database, find that you already have a twitter @b account, and it’s linked to β€œUserA”. Then you simply enter β€œUserA” into your application instead of creating a new user (you still don't want different users with the same Twitter account, so the Twitter account ID must be unique in your database).

+2
source

Source: https://habr.com/ru/post/1241786/

More articles:


All Articles