Can Devise + Omniauth have several types of logins?

I used Devise as a standard tourniquet for other projects. In another project, I used Devise + Omniauth authentication for Twitter.

In the new project, I need my end users to be able to log in via Twitter and Facebook or register in the application. In the future, the user could link their accounts together. For example, his account on Twitter and Facebook. Or his Twitter and "native" account. Native is an account that he has registered directly with a web application.

Is Devise capable of this? If so, how do we link user accounts together? What is the concept of this? How does the app know which Facebook and Twitter account the user owns?

Ideas and suggestions are welcome.

EDIT:

I followed http://railscasts.com/episodes/236-omniauth-part-2?autoplay=true and I do not receive. If

  • The user is disconnected from the application,
  • The user has an account registered in the application,
  • the user signs up with another service provider (facebook, twitter, etc.).

How does the app know how to link its new service provider with its existing accounts?

Stackoverflow.com has this feature. But one service provider that they do not include in their multi-sign function is Twitter. I guess, because Twitter does not provide the user with email through its API. While other service providers (Facebook, Yahoo, Gmail) do.

+6
4 answers

Email is usually used to link all accounts, but using Twitter you cannot get an email account. Using email is not really good practice, because the user does not have to register with each service with the same email address.

Asking the user if he wants to use facebook / twitter / google / openid for authentication when he is logged in is the easiest way and more predictable for the user. You must prevent the effect of "how does this site know my Facebook account? Why are they tracking me?"

As an additional note, the most difficult part is not adding a new authentication method, but combining accounts if the user, for example, created one facebook account and one with twitter.

+3

Please find these screencasts, this will help you: OmniAuth

and OmniAuth part2

I recently played with the same problem as now. I set myself the goal of implementing many authentication solutions: Google, Twitter, Facebook .. at the same time - so the user can log in to several providers (for example, Stackoverflow.com), and after logging out he remains in the system with another service. I implemented this by creating the following diagram (I don't have my code right now, but it should give you the key):

    class User < ActiveRecord::Base
      has_many :authentications
      has_many :known_authentications
    end

    class Authentication < ActiveRecord::Base
      # Implemented nearly as in Ryan's Railscasts (it keeps authorization info).
    end

    class KnownAuthentication < ActiveRecord::Base
      # Has :provider, :user_id, :uid and :email columns.
      # Here I keep all authorizations that a registered user has ever had
      # (so I can verify the user by email and guess that this is the same
      # user as the one logged in from different services).
      # I fill this table when the user registers with any service (Google, Twitter, etc.).
    end

When a user logs in, I check the KnownAuthentications table for the current authorization service by email (the OpenID service sends other parameters by email, OAuth does not (so here I create a fake email, say, fake@email.com, so Devise does not throw an exception)). I know that now I signed up for Google from the same user as I currently registered on Twitter.

+1

Devise does a great job of this, but since each provider has its own token, you need a way to recognize the user, regardless of which provider he chose to log in.

The most common way to do this is to use the email field, you need to specify the email address in each request of the provider, I personally do not like it, because users can still have different emails from different providers.

To overcome this, you can provide the option to "connect to my Facebook account using my Twitter login."

+1
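The explicit-linking flow suggested in the first and third answers, as an added example that is not part of any answer: a provider identity is attached to a local account only while that account's owner is signed in, and a matching email alone never merges two accounts. The `IdentityStore` class and its method names are hypothetical, the store is in-memory plain Ruby rather than Devise models, and the sample auth hashes are constructed.

```ruby
# Added illustration; IdentityStore and its methods are hypothetical names.
# Auth hashes follow OmniAuth's "provider" / "uid" / "info" => "email" layout.
class IdentityStore
  User = Struct.new(:id, :email)

  def initialize
    @users = {}       # id => User
    @identities = {}  # [provider, uid] => user id
  end

  def register(email)
    user = User.new(@users.size + 1, email)
    @users[user.id] = user
  end

  # current_user is the account already signed in on this session, or nil.
  def handle_callback(auth, current_user)
    key = [auth.fetch("provider"), auth.fetch("uid").to_s]
    owner_id = @identities[key]
    email = auth.dig("info", "email")

    if current_user
      # Explicit link: the session proves control of the local account and
      # the callback proves control of the provider account.
      return [:already_linked_elsewhere, nil] if owner_id && owner_id != current_user.id
      @identities[key] = current_user.id
      [:linked, current_user]
    elsif owner_id
      [:signed_in, @users[owner_id]]  # identity seen before
    elsif email && @users.values.any? { |u| u.email&.casecmp?(email) }
      # A matching email is only a hint: require sign-in, then link.
      [:login_required_to_link, nil]
    else
      user = register(email)  # email is nil for providers that omit it
      @identities[key] = user.id
      [:created, user]
    end
  end
end

# Constructed sample input: one native account and one Facebook callback.
store = IdentityStore.new
alice = store.register("alice@example.com")
fb = { "provider" => "facebook", "uid" => "1001", "info" => { "email" => "alice@example.com" } }
puts store.handle_callback(fb, nil).first    # signed out, same email
puts store.handle_callback(fb, alice).first  # signed in, explicit link
puts store.handle_callback(fb, nil).first    # later sign-in via Facebook
```

In a Devise application the same branches would sit in the OmniAuth callback controller, with `current_user` supplied by Devise and the two hashes replaced by database tables.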

I have the same question, and although this is not a complete solution (I don't think that it is actually 100% reliable), this is what I am creating now.

Example: site with username / password, Facebook and Twitter for authentication.

A user comes to the site and wants to register. They register using Twitter for authentication. Twitter transmits a ton of information except an email address. I save profile information (location, name, etc.), which, I think, will be useful for comparison. The user is provided with a profile page immediately after authentication to verify the profile information (they can delete any information that they do not want to store). They also have the option to add additional authentication methods (in this case, username / password and Facebook). The more you encourage them to associate additional authentication methods during registration, the less problems you will have with duplicate accounts. However, it still exists as a marginal case.

The scenario of the edge case is as follows: the user signs up using Twitter, and then immediately signs up and tries to log in using Facebook. The sign method detects that this is a new authentication, and therefore it compares the oauth data from Facebook with existing profile information and tries to find matches. Then I show a match of 10 or so and ask the user to check if they exist in order to link the account. Ask the user to log in using Twitter and then link the Facebook account.

Obviously, it would be simpler and easier if everyone used the same email address and Twitter would actually return the email address. But not everyone makes it so that you need to handle this extreme edge in the best way - at this stage I will try the match option and just ask users to authenticate using other services when registering and filling out profile information.

0

Source: https://habr.com/ru/post/895066/

