Account unlinked but user can still login with Google

https://docs.oneall.com/services/implementation-guide/social-link/

I've followed the directions on this page, and when I unlink my Google account from my site, I can still log in. As I understand it, the user token is the same for every social login (Google, Facebook, etc.), so when I unlink Google I don't want to delete the token from my user, as that would break Facebook login. Even though I disconnected the Google account from OneAll, I still receive my user token when I click on Login with Google.

Questions:

1) Am I misunderstanding how the UserToken works?
2) Will I have a different token for each social network (I believe no)?
3) What is the Identity Token used for?
   A) There is no reference of what to do with this token in the implementation guide, there is code for reading it, but nothing about what to do with the token.


Any help would be greatly appreciated.
Wayne

Answers

  • Claude_Schlesser (Administrator, OneAll Team)
    edited May 2017
    Hi Wayne,

    identity_token
    An identity represents a collection of user information like for example the social network profile data of a person.
    The identity_token is a key that uniquely identifies an identity. Each identity belongs to a user.

    user_token
    A user is the data representation of a person that is using the OneAll plugins and services that you have added to your website or mobile application. The user_token is a key that uniquely identifies a user. Each user has at least one identity.

    So basically you can have something like this:

    Wayne Sepega (identified by a user_token)
    |
    +-> Wayne's Facebook Account (identified by an identity_token)
    |
    +-> Wayne's Twitter Account (identified by an identity_token)
    ...

    Are you implementing our services from scratch or do you use a turnkey plugin (WordPress, Drupal ... ) ?
  • Wayne_Sepega (Member)
    edited May 2017
    From scratch, but using this .NET SDK:
    https://github.com/GioCirque/OneAll

    Following is our code for linking the account and logging in the account. Sorry it's VB, but the job pays well :)
    As said previously, since the OneAll User_Token is the same for the user whether the account is linked to Google or not, I'm still getting logged in, so not sure if I'm doing something incorrect here or not.

    This is in the MVC View

    @If Utils.IsDevelopmentHost Then
        @Html.OneAllDisplayLinkScript(Model.OneAllUserToken)
    End If


    Code for Linking the account

    If Request.OneAllTokenExists() Then
        Dim oneAllUserToken As Guid = Guid.Empty
        Dim oneAllCnToken As Guid = Request.OneAllToken()

        Dim responseCn As Response(Of ConnectionDetail) = OneAllAPI.Default.ConnectionReadDetails(oneAllCnToken)
        Select Case responseCn.Result.Data.PlugIn.Data.Action
            Case "link_identity"
                Dim userToken = responseCn.Result.Data.User.UserToken
                Dim identityToken = responseCn.Result.Data.User.Identity.IdentityToken
                'is current customer already linked?
                Dim customer = DAL.DbContext.Customers.Where(Function(c) c.Id = LoggedInUser.CustomerId).First()
                If customer.OneAllUserToken <> userToken.ToString() Then
                    customer.OneAllUserToken = userToken.ToString()
                    DAL.DbContext.SaveChanges()
                End If
            Case "unlink_identity"

        End Select
    End If
    Return RedirectToAction("Edit")

    Code for logging in the account

    If Request.OneAllTokenExists() Then
        Dim oneAllUserToken As Guid = Guid.Empty
        Dim oneAllCnToken As Guid = Request.OneAllToken()

        Dim responseCn As Response(Of ConnectionDetail) = OneAllAPI.Default.ConnectionReadDetails(oneAllCnToken)
        If responseCn IsNot Nothing AndAlso responseCn.Result IsNot Nothing AndAlso responseCn.Result.Data IsNot Nothing Then
            Dim oneAllCnUser As ConnectionUser = responseCn.Result.Data.User
            If oneAllCnUser IsNot Nothing Then
                oneAllUserToken = oneAllCnUser.UserToken
            End If
        ElseIf responseCn IsNot Nothing AndAlso responseCn.Request IsNot Nothing AndAlso responseCn.Request.Status IsNot Nothing Then
            Throw New Exception(String.Format("{0}: {1}: {2}", responseCn.Request.Status.Code, responseCn.Request.Status.Indicator, responseCn.Request.Status.Info))
        End If

        If Not Guid.Empty.Equals(oneAllUserToken) Then
            Dim responseUser As Response(Of UserResult) = OneAllAPI.[Default].UserReadDetails(oneAllUserToken)
            If responseUser IsNot Nothing AndAlso responseUser.Result IsNot Nothing AndAlso responseUser.Result.Data IsNot Nothing Then
                Dim oneAllUser As OneAll.Users.User = responseUser.Result.Data.User
                If oneAllUser IsNot Nothing AndAlso oneAllUser.Identities IsNot Nothing AndAlso oneAllUser.Identities(0) IsNot Nothing Then
                    Dim oneAllId As OneAll.Users.Identity = oneAllUser.Identities(0)
                    If oneAllId IsNot Nothing Then
                        'Check to see if we have a user already in the DB for this token, and if so login the user.
                        Dim cust As Customer = GetCustomerForUserToken(oneAllUserToken)
                        If cust IsNot Nothing Then
                            LoginCustomer(cust, False)
                            Return RedirectToAction("Index", "Sites")
                        End If
                    End If
                End If
            ElseIf responseUser IsNot Nothing AndAlso responseUser.Request IsNot Nothing AndAlso responseUser.Request.Status IsNot Nothing Then
                Throw New Exception(String.Format("{0}: {1}: {2}", responseUser.Request.Status.Code, responseUser.Request.Status.Indicator, responseUser.Request.Status.Info))
            End If
        End If
    End If
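
Added example, not part of either post and not OneAll or SDK code: one way to apply the user_token / identity_token distinction described above is to record each linked identity_token locally and require it at login, so unlinking one network does not affect the others. `SocialLinkStore` and its members are hypothetical names, and the sketch assumes the login callback exposes the identity_token the same way the link callback in the post does.

```vbnet
Imports System
Imports System.Collections.Generic

' Added example; every type and member name here is hypothetical.
Public Class SocialLinkStore
    ' identity_token -> (customerId, user_token); in-memory stand-in for a DB table.
    Private ReadOnly _links As New Dictionary(Of Guid, Tuple(Of Integer, Guid))

    ' "link_identity" callback: record the identity that was linked, not only the user.
    Public Sub Link(customerId As Integer, userToken As Guid, identityToken As Guid)
        _links(identityToken) = Tuple.Create(customerId, userToken)
    End Sub

    ' "unlink_identity" callback: drop that one identity if it belongs to the customer.
    Public Function Unlink(customerId As Integer, identityToken As Guid) As Boolean
        Dim entry As Tuple(Of Integer, Guid) = Nothing
        If _links.TryGetValue(identityToken, entry) AndAlso entry.Item1 = customerId Then
            Return _links.Remove(identityToken)
        End If
        Return False
    End Function

    ' Login callback: the identity must still be linked and carry the same user_token.
    Public Function FindCustomerForLogin(userToken As Guid, identityToken As Guid) As Integer?
        Dim entry As Tuple(Of Integer, Guid) = Nothing
        If _links.TryGetValue(identityToken, entry) AndAlso entry.Item2 = userToken Then
            Return entry.Item1
        End If
        Return Nothing
    End Function
End Class

Module Demo
    Sub Main()
        ' Constructed sample tokens; real ones come from the connection details.
        Dim userToken As Guid = Guid.NewGuid()
        Dim google As Guid = Guid.NewGuid()
        Dim facebook As Guid = Guid.NewGuid()
        Dim store As New SocialLinkStore()
        store.Link(42, userToken, google)
        store.Link(42, userToken, facebook)
        store.Unlink(42, google)
        Console.WriteLine("Google login allowed: {0}", store.FindCustomerForLogin(userToken, google).HasValue)
        Console.WriteLine("Facebook login allowed: {0}", store.FindCustomerForLogin(userToken, facebook).HasValue)
    End Sub
End Module
```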
