Comments (5)

adamwathan commented on June 18, 2024

The package itself shouldn't be creating a duplicate entry... Are you perhaps saving the person's email and have your email column set with a unique constraint?

There's no good way to detect when someone logs in with one provider, then later with another. Trying to do it based on e-mail address is a big security vulnerability. See this issue for more details: #19

from eloquent-oauth.

jerauf commented on June 18, 2024

That makes sense. How would I give the user an alert saying "you've signed up with another provider" then?

from eloquent-oauth.

adamwathan commented on June 18, 2024

If you really wanted to do that I would use the callback on OAuth::login() to check if the email is already assigned to another user and throw your own exception that you can catch in the controller and handle however you want.

The reality is though that no one really deals with that problem. With some providers, you'd have no way of telling anyways. For example, the Instagram API does not let you retrieve the user's email address at all, so you have no way of knowing. If you test what you're talking about with a variety of popular sites that support social login, I think you'll find they all just create multiple accounts for you and make no effort to reconcile them.

This is actually a common complaint of sites that support multiple social logins in general :/ It's definitely a trade-off between the convenience of providing multiple login options vs. the risk of the user forgetting which one they chose.

I'm planning to split this package up in the future so that there's one main repo for the bulk of the package logic, and each actual provider is in its own repo, and you can mix and match the actual ones you need, which I think will help encourage more careful selection of which providers you actually want to support for your application. Similar to how Flysystem is broken up for example.

from eloquent-oauth.
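The callback approach described in the comment above, as an added example that is not part of the original thread or the package's own code. It only rejects the login and never links or signs in to the existing account. The `App\User` model with an `email` column, the `$details->email` property, the `EmailAlreadyRegistered` class, the controller and route names, and the callback running before a new user is saved are all assumptions.

```php
<?php
// Added example, not code from eloquent-oauth. Assumed names: App\User,
// EmailAlreadyRegistered, SocialLoginController, the 'login' route.

use App\User;
use Illuminate\Support\Facades\Redirect;

class EmailAlreadyRegistered extends \RuntimeException {}

class SocialLoginController extends Controller
{
    public function callback($provider)
    {
        try {
            OAuth::login($provider, function ($user, $details) {
                // Assumption: the provider details expose an `email` property.
                $email = isset($details->email) ? $details->email : null;

                // Some providers return no address at all (the thread names
                // Instagram), so there is nothing to compare against.
                if (empty($email)) {
                    return;
                }

                // Look for a *different* user that already owns this address.
                $query = User::where('email', $email);
                if ($user->exists) {
                    $query->where('id', '!=', $user->getKey());
                }

                if ($query->exists()) {
                    // Refuse the login. Do not attach this identity to the
                    // existing account: matching on e-mail alone is the
                    // vulnerability described in the thread.
                    throw new EmailAlreadyRegistered();
                }

                $user->email = $email;
            });
        } catch (EmailAlreadyRegistered $e) {
            // Assumption: the throw happens before the new user is persisted.
            return Redirect::to('login')->with(
                'error',
                'That e-mail address is already registered. '
                . 'Sign in with the provider you used originally.'
            );
        }

        return Redirect::intended();
    }
}
```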

jerauf commented on June 18, 2024

All right. Great.

Thanks for the help. And thanks for the great package. I was up and running literally in an hour with only this one question.

from eloquent-oauth.

adamwathan commented on June 18, 2024

No problem, happy to help and glad you like the package! 😄 Definitely let me know how it works out for you, would love to improve it however I can based on your feedback.

from eloquent-oauth.
