Databases
StackOverflow2013
Postsdbo
POOmniAuth: Guarding against multiple accounts for the same user
Body
 

Note that there are some explanatory texts on larger screens.

plurals
  1. POOmniAuth: Guarding against multiple accounts for the same user
    text
    copied!<p>I have a couple of Rails apps I'm looking to integrate with OmniAuth, but there is a conceptual problem I'm having with it that I'd like to figure out first. Consider the following scenario:</p> <ol> <li>Your application, Foo, supports OmniAuth logins via Twitter and Facebook.</li> <li>Joe comes to your site and logs in via his Twitter account. This creates a new user on Foo and associates it with this new Twitter authorization.</li> <li>Joe logs out of Foo, and forgets about the site for six months.</li> <li>Joe returns to Foo, not remembering that he has previously logged in with Twitter.</li> <li>Joe logs in with Facebook. Since he is not already logged in via his original Twitter authorization, there is no way to detect that he is, in fact, the same Joe, and a new account is created.</li> <li>Joe discovers his old account, and is now frustrated that his older content is tied to this old account, and that he can't log in with Twitter and Facebook interchangeably.</li> </ol> <p>Since Twitter does not supply Foo with an email address, there is no universal identifier to use for detecting that the two Joes are the same Joe. You could decide to support only providers who give you the user's email address, but this doesn't help if the user has registered with different email addresses on different providers.</p> <p>The only other solution I can think of is to give the user some way of merging two existing accounts. That's a big headache compared to the relative ease of everything else when using OmniAuth. If this is the only solution, has anyone come across a guide/tutorial showing an example of how this might be done? I'm surprised this issue hasn't gotten more attention given the popularity of OmniAuth.</p> <p>Thanks!</p>
 

Querying!

 
Guidance
An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload