Hello! I am trying to add the “Login with Google Friend Connect” feature to my CMS. The process of actual authentication is easy. I have no problem with this.
I also recently wrote a website that uses login with Twitter, using oAuth process, so this is also not new to me.
The thing is that on my last project the website login process was based entirely on logging in with a Twitter account, so the only way to join the site is to have a Twitter account. This made development pretty simple.
But now I want to try to add the “Login with Twitter and/or GFC” to a site that has its own database of users.
This turned out to be tricky. What if a user tries to login using a Twitter account but we already have our own user with the same screen name? Then we can’t just use the user’s Twitter screen name to add him to our database.
Another possible problem - what if a user tries to Login with Twitter but he already has a regular account with our site and we detected it from reading the user’s cookie. What should I do then?
And finally, I would like for users to be able to also add their Facebook account using the Facebook connect button.
This means that we must allow users to login with Twitter, Facebook or Google Friend connect and possibly our own login system.
Does anyone have any experience on how to approach this?
A common approach is to merely link their Facebook/Twitter/GFC/OpenID/etc. logins with your own account for the user on your own system. When the user first logs in using a third-party auth scheme, you may ask the user for a username, and then register the user in your own login system. The user can continue to login using other sites, but you are really logging them into your own system.
I’ve seen the Facebook login hack for phpbb, that’s exactly how it works. They ask you to enter existing login name or to create one and the message tells you that you only have to do this once.
Something just does not feel right about it. Ideally I want a user to just click on the Login with Twitter button, do the oAuth dance and done! We pull screen name and profile from Twitter, enter into our own user table and done! The user then becomes just like any regular user except that he does not have a password and any time he logs out, he must do the Login with Twitter dance again.
This is the most user-friendly way, but in case we already have the same username on the system, then it’s a problem.
You cannot control what usernames are chosen across all your potential auth suppliers, from what I see, you cannot have unique usernames chosen by any number of third parties.
What would you do with a duplicate? Deny them access?
I was hoping to hear from someone who has done this already. I’ve seen a few sites that allow to login with GFC or Twitter or Facebook or their own login.
I think disqus.com allows any one of these to login.
Interesting how they implemented it.
If it were I, and unique usernames were required, I’d do just that.
Let folk register with any auth supplier and assign this to local account (an id if you will), if they want to assign other auth suppliers to this account even better.
If a duplicate is detected, force them to pick a username from their other assigned suppliers (dropdown?) or have them make one up.
I think the Disqus API is for people who want to integrate the DISQUS form on their site; it’s not for end users. End users do not have to have an account with them, just one of Twitter or OpenID or DISQUS’s own username, OR even unregistered users if the site owner wants to allow it.
Even when building a site that allows ONLY sign in with Twitter, there are some minor challenges. For example, the profile that you pull from Twitter on initial signup may become outdated if the user updates the profile on their Twitter account. For example, they may change avatar and Twitter’s avatar path is not tied to userid unfortunately.
They may also change their name (not username).
So basically only the username will always be the same and the rest you have to keep synchronizing with Twitter.
I have not decided on any database schema yet. For example, I should probably have separate table TWITTER_ACCOUNT, GFC_ACCOUNT, USERS
USERS is my own USERS with unique ids.
The next thing: should I have field in USER.twitter_id to tie with TWITTER_ACCOUNT (twitter_id will be actual twitter account id, not id from my TWITTER_ACCOUNT table)
OR should I have users_id in my TWITTER_ACCOUNT table?
Can I post a link to my Twitter - based site I just finished writing? It’s a small ‘question of the day’ service and you need Twitter account to use it.
I know you usually don’t allow links, that’s why I’m asking first. This was my first app; I decided to write it to learn to work with the Twitter API, so now I can possibly help others if anyone has questions about adding a login with Twitter button.
OK, this is the site I just wrote. If you have a Twitter account you can try it but remember that whatever question you create will be sent to Twitter under your account name, so keep in mind that your followers will see it. That’s the whole point of this service of course.
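One way to lay out the schema question raised in the thread, as an added example that is not code from any poster: a local `users` table plus one link table holding `users_id`, keyed on the provider's account id rather than the screen name, so a name match alone never merges two accounts. The `external_identity` table, the `login()` function and its parameters are assumptions made for illustration, and SQLite in memory stands in for the real database.

```python
import sqlite3

SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL UNIQUE);
CREATE TABLE external_identity (
    provider         TEXT NOT NULL,     -- 'twitter', 'gfc', 'facebook'
    provider_user_id TEXT NOT NULL,     -- the provider's account id, not the screen name
    users_id         INTEGER NOT NULL REFERENCES users(id),
    screen_name      TEXT,              -- cached profile data, refreshed on every login
    PRIMARY KEY (provider, provider_user_id)
);
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def login(db, provider, provider_user_id, screen_name,
          session_user_id=None, chosen_username=None):
    """Call only after the provider has authenticated the user.

    session_user_id must come from an authenticated server-side session,
    not from an unverified cookie hint. Returns ('ok', users_id) or
    ('pick_username', None) when the wanted local name is taken.
    """
    key = (provider, provider_user_id)
    row = db.execute("SELECT users_id FROM external_identity "
                     "WHERE provider=? AND provider_user_id=?", key).fetchone()
    if row:  # returning identity: refresh the cached profile, log in
        db.execute("UPDATE external_identity SET screen_name=? "
                   "WHERE provider=? AND provider_user_id=?", (screen_name, *key))
        return ("ok", row[0])
    if session_user_id is not None:
        users_id = session_user_id       # link to the account already logged in
    else:
        wanted = chosen_username or screen_name
        if db.execute("SELECT 1 FROM users WHERE username=?", (wanted,)).fetchone():
            return ("pick_username", None)   # same name is not proof of same person
        users_id = db.execute("INSERT INTO users (username) VALUES (?)",
                              (wanted,)).lastrowid
    db.execute("INSERT INTO external_identity VALUES (?,?,?,?)",
               (*key, users_id, screen_name))
    return ("ok", users_id)
```
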