Signup with facebook

Hi,

I am trying to write JavaScript code to sign up with Facebook. This is where I am now:

signup with facebook
```javascript
dom.signupFacebook.addEventListener("click", () => {
    console.log("signupFacebook");

    window.fbAsyncInit = () => {
        FB.init({
            appId      : "647550782699077",
            cookie     : true,
            xfbml      : true,
            version    : "v6.0"
        });

        FB.AppEvents.logPageView();
        // https://developers.facebook.com/docs/facebook-login/web#logindialog
        // To use your own login button, invoke the Login Dialog with a call to FB.login().
        FB.login(response => {
            console.log("signupFacebook response", response);
            // handle the response
            if (response.status === "connected") {
                // logged into the recipe book page and Facebook
                console.log("get user info");
                FB.api("/me", {fields: "id, name, email"}, response => {
                    console.log(response);
                });
            } else {
                // The person is not logged into my webpage or we are unable to tell.
            }
        }, {scope: "email"});
    };

    (function(d, s, id){
        var js, fjs = d.getElementsByTagName(s)[0];
        if (d.getElementById(id)) {return;}
        js = d.createElement(s); js.id = id;
        js.src = "https://connect.facebook.net/en_US/sdk.js";
        fjs.parentNode.insertBefore(js, fjs);
    }(document, "script", "facebook-jssdk"));
});
```

The FB.api() method sends me back the id, email and name.
My question is: what do I do with this data? How do I build a signup with it? Send the name and email to the database, but what will the password be?
I tried to find some sample code but I found only login code: registration migrated to the login code…

You shouldn’t need to send anything to any database (and you cannot get the password, for what should be quite obvious reasons). I’ve never had to set up FB login, but I assume from the code there that when a user signs in, it sets a cookie in the browser that contains the session info (token, expiry etc) – that’s the thing that lets your program tell if a user is signed in or not (the SDK seems to contain a convenience method to check this).

Once the user is validated/invalidated, it’s up to you: it is basically like having a variable in your program/application called userIsAuthorised that is either true or false.

I would like to build an app with signup and login.
I understand how manual sign-up works: name and/or email, and password with repeat password.
I would also like to set up a social login/signup. I have never done it before and I can’t imagine how it works.
If someone doesn’t have an account on my app, they must sign up first.
If he uses social sign-up, maybe I need to ask for another password and store data in the database? And what happens if the user signs up manually and logs in later with a social app? How will my code find the right user if he/she signed up manually and used a different name than the Facebook name?
This is where I am now: the manual sign-up is done, and on the server side I have finished the user input validation. I have now started the social login/signup procedure, but I got stuck for the above reason.

And what if the user uses a different name on Twitter too? How will my app find the correct user? When he/she logs in for the first time with any social account, do I need to store the name? For example, will I have a username, a facebook-name, a twitter-name and also a google-name? I don’t understand this part.

Normally, the user has to contact you directly, tell you they’ve accidentally created duplicate accounts, and ask you to please merge them if that’s possible, or delete the one created by accident.

You will normally end up with multiple accounts for single users, unless they use the exact same email (even then, what if users want separate accounts??). You can only guess (i.e. the email used at login is the same), or store some information in an existing account (have an account for the user, store the email, store the social media identifier as well). But in this case, if they sign in on social media first, they won’t have a password, so that will cause issues if they subsequently try to use email (this happens with Spotify, for example). There are innumerable other issues here that are not easily solvable.

To cover the many, many edge cases here, you need multiple layers of redundancy, which is complicated and expensive. Just not really bothering to check is what many services do: even if you add all the complicated logic to cover some cases, you can’t possibly cover all cases, it can’t ever be foolproof, so why bother with anything but the most basic checks?

One solution is to use a trusted provider for authorisation/authentication, like Amazon or Google or Auth0 or whatever. So for example, AWS provides a service called Cognito, where you can create pools of users, then associate different types of login (so you can have email/pword and federated logins that all point to the same user). This solves the problem, but the trade-off is it becomes even more complex in many ways, locking you into a specific vendor and way of doing things. Much of that is abstracted away by the AWS SDK library you’ll use to interface with Cognito, but that complexity is there. And it now becomes dependent on a single service you do not control, and can also end up costing quite a bit of money, depending on what is done.

Maybe I will choose the following signup procedure:
If a user chooses to sign up with social (the Facebook button already works), the name and the email will be filled in automatically, but they still have to enter a valid password and repeat the password. After that I will store the name, email and password. This is the same as signing up manually.
If the user later wants to log in with a different social account (e.g. Twitter), and the email/username is different in my database, then the first time they need to log in manually, and if that succeeds I will store the other social login details as well. From this point the user can use this social login too without entering a name or password… This doesn’t sound too difficult…?

Yes, but the password for a given social provider is for that social provider; you can’t take that under any circumstances. And if they are already signed into the provider on the current device, they shouldn’t need to provide a username or password.
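
One way to model the account linking discussed in this thread, as an added example that is not code from any of the posters. It runs in Node.js; the in-memory store and every function name are hypothetical, and each `profile` is assumed to have already been verified with the provider on the server. Accounts are keyed by provider plus the provider's user id (never by display name), a social-only account has no password, and a new identity is attached to an existing account only after that account has logged in.

```javascript
// Added example: in-memory account store; all names here are hypothetical.
const crypto = require("node:crypto");

const users = new Map();      // userId -> { email, salt, hash } (hash is null for social-only)
const identities = new Map(); // "provider:providerUserId" -> userId
let nextId = 1;

const hashPw = (pw, salt) => crypto.scryptSync(pw, salt, 32);
const keyOf = (profile) => `${profile.provider}:${profile.id}`;

function signUpWithPassword(email, password) {
  const salt = crypto.randomBytes(16);
  const id = nextId++;
  users.set(id, { email, salt, hash: hashPw(password, salt) });
  return id;
}

function loginWithPassword(email, password) {
  for (const [id, u] of users) {
    if (u.email !== email || !u.hash) continue; // social-only accounts have no password
    if (crypto.timingSafeEqual(u.hash, hashPw(password, u.salt))) return id;
  }
  return null;
}

// profile = { provider, id, email }, assumed already verified server-side.
function loginWithSocial(profile) {
  const key = keyOf(profile);
  if (identities.has(key)) return identities.get(key);
  // Unknown identity: create a separate account. A matching name or email
  // is only a guess, so it is never used to merge accounts automatically.
  const id = nextId++;
  users.set(id, { email: profile.email, salt: null, hash: null });
  identities.set(key, id);
  return id;
}

// Linking needs the id of a user who has already authenticated some other way.
function linkIdentity(authenticatedUserId, profile) {
  const key = keyOf(profile);
  if (!users.has(authenticatedUserId)) throw new Error("not logged in");
  if (identities.has(key) && identities.get(key) !== authenticatedUserId)
    throw new Error("identity already linked to another account");
  identities.set(key, authenticatedUserId);
  return authenticatedUserId;
}
```

The provider's password never appears anywhere in this model; the only secret the app stores is the salted hash of its own password, and only for accounts that signed up manually.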

My online shopping website was facing errors when I connected with Facebook, but after this forum, I got my answer. Thanks.