Implement Social Authentication #27
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR is related to the issue #2
It's totally understandable if this PR got closed without merging because social authentication is not planned to be in the first release, or if you have a different approach for implementing it.
for a quick look to the logic behind this, check out the tests file
Note 1:
Only login with [Google, Github, Twitter] or Register and login with [Google, Github, Twitter]?
There is two scenarios:
1- The user have to and must register normally, then from some inner page, the user can link social accounts. This case, it's Only Login with [Google, Github, Twitter]
2- The user can skip the normal registration and Register using [Google, Github, Twitter]. Although, the user has the ability to use the normal registration and link the accounts later. This case, it's Register and Login with [Google, Github, Twitter]
This PR is working under the assumption that it's the second case, Register and Login with [Google, Github, Twitter].
However, a problem will arise here, if the user registered with any of the social services, the user will have a random 40 character password, this implementation will flag this case by setting the newly added column to users table
need_password_updateto true.Note 2:
This PR is under the assumption that one user can link multiple social accounts and use any of them to login. There is websites allows only one linked social account, so if I logged in using Twitter, I'll be in a different account than if I logged in using Google.