Do user_token and e-mail address have a one-to-one relationship, regardless of provider?

Hello

Just looking for confirmation that if someone signs up with, say, Facebook using a given e-mail address ( user_email@email.com ) and later tries to sign up or sign in with Twitter where he uses the same e-mail address, OneAll will provide the same user_token for my app.

Of course I will check the e-mail for uniqueness on my app, but I need to understand how you treat this.

Thanks

Bernard

Best Answer

  • Claude_Schlesser (Administrator, OneAll Team)
    Answer ✓
    Hi Bernard,

    We do not automatically link social network accounts to the same user.
    This is because we cannot know if the user actually wants to do this or not.
    The user might want to create two distinct accounts, for example.

    To link two different social network accounts to the same user, you have two choices:

    1) You implement our Social Link services, to allow the user to link multiple social networks to the same user_token

    2) After the user has logged in, you take his identity_token and relink it to an existing user_token:
    http://docs.oneall.com/api/resources/identities/relink-identity/
    To do this, you obviously need to do some coding on your side.
    Check your database and see whether you already have an email address that matches the email address of the social network used to log in. If you also have a user_token for that email, then you can link the social network to it.

Answers

  • Thanks Claude

    From my perspective this means once more that e-mail address is king.

    If someone had previously verified an e-mail address on my app, or with any of the providers, that e-mail address will be authorized to access my app. This is regardless of whether the person uses a different name on each of the providers. I will keep the first name that was given and assume it is the same person. My app is not that sensitive after all. There's no point in challenging the user on why he uses different names or if he/she is actually the same person.

    So, I will confirm that the e-mail address was verified and, if so, grant access.

    This will also mean that the user_token_link table will lose its one-to-one relationship between user and user_token, as one user ( one e-mail address ) could have several user_tokens, depending on the provider.

    I may be wrong, but I do not see the point of the relink-identity thing. This would just add a task to try to keep the provider current. Not much value added to that, I think.

    Regards

    Bernard
  • Claude_Schlesser (Administrator, OneAll Team)
    Hi Bernard,
    "This will also mean that the user_token_link table will lose its one-to-one relationship between user and user_token,"
    Yes. You can either have a one-to-many relationship between users and user_tokens, or you use the re-link identity API call if the email matches an existing user, to re-link the user to an existing token and to maintain the one-to-one relationship between users and user_tokens.
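
One way to implement the check from the best answer (option 2), combined with the verified-email condition from the follow-up reply, as an added example that is not OneAll's or the posters' code. The `users` schema, the `(address, is_verified)` pairs and the `relink` callable (a stand-in for the relink-identity API request) are assumptions.

```python
import sqlite3

def open_db():
    """In-memory stand-in for the app's user table (schema is an assumption)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (email TEXT PRIMARY KEY, user_token TEXT NOT NULL)")
    return db

def resolve_login(db, identity_token, user_token, emails, relink):
    """Decide which local account a social login belongs to.

    emails: (address, is_verified) pairs reported for the identity.
    relink: hypothetical callable(identity_token, existing_user_token) that
            wraps the relink-identity request; injected so this runs offline.
    Returns (action, user_token now in effect).
    """
    # A user_token we already store is an ordinary returning user.
    if db.execute("SELECT 1 FROM users WHERE user_token = ?", (user_token,)).fetchone():
        return ("login", user_token)
    # Only verified addresses may be matched against existing accounts;
    # an unverified address could be typed in by anyone.
    verified = [addr.strip().lower() for addr, ok in emails if ok]
    for addr in verified:
        row = db.execute("SELECT user_token FROM users WHERE email = ?", (addr,)).fetchone()
        if row:
            relink(identity_token, row[0])  # keeps users and user_tokens one-to-one
            return ("relinked", row[0])
    if verified:
        db.execute("INSERT INTO users VALUES (?, ?)", (verified[0], user_token))
        return ("created", user_token)
    return ("needs_email_verification", None)

def demo():
    """Constructed sample logins; tokens and identities are made up."""
    db, calls = open_db(), []
    relink = lambda ident, tok: calls.append((ident, tok))
    who = "user_email@email.com"
    results = [
        resolve_login(db, "ident-fb", "tok-A", [(who, True)], relink),          # first sign-up
        resolve_login(db, "ident-tw", "tok-B", [(who.upper(), True)], relink),  # same address, other provider
        resolve_login(db, "ident-x", "tok-C", [(who, False)], relink),          # unverified claim
        resolve_login(db, "ident-fb", "tok-A", [], relink),                     # returning user
    ]
    return results, calls

if __name__ == "__main__":
    print(demo())
```
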