2

I've got Oauth support in place for an app I'm working on. What I'm trying to work through is the logic for associating Oauth accounts.

Example:

Let's say a user has logged in before. They authenticated using Facebook. I now have an email address which I can safely assume will always be unique to that user. However, Twitter does not provide email addresses through its Oauth implementation, so if someone signs in with Twitter, and then Facebook, how do I correctly associate their account? I can't use user name, or handler, because obviously that could vary per provider. Is there any other way I could do this?

Do I require the user to enter their email address if they use an Oauth provider which omits it? I'm trying to put together the best user experience and the most stable system - so your help is highly appreciated.

hakre
  • 193,403
  • 52
  • 435
  • 836
Calvin Froedge
  • 16,135
  • 16
  • 55
  • 61
  • This has been discussed already...but not resolved: http://stackoverflow.com/questions/3191044/social-network-facebook-twitter-etc-user-account-integration-duplicate-scena – Calvin Froedge Sep 26 '11 at 15:11

1 Answers1

0

If you're looking at working with multiple identity providers then your best solution would be to use an internal ID unique to your system and then associate the external accounts with that ID when the external authentication takes place. Additionally users in FB can change their primary email address so it would be safe to assume it's unique it's probably not safe to assume that it's current.

Dustin Nielson
  • 1,264
  • 1
  • 8
  • 8