Hello. I want to let users log in and register on the site through social networks, but several questions came up about implementing this idea. There are various services that implement this method: Loginza and uLogin. They seem convenient, but at the same time not. I decided to implement it myself. I already have a database of users, where a person is authorized on the site using an e-mail and password. An interesting point is that if you use these services, then one person, depending on which social networks he is registered in, can register more than one account, which I would not want. I tried uLogin; everything seems convenient, except for the disadvantage above, and also that after registration the person is redirected to my site and the service sends his data for processing in a POST request. My site responds to this as an attempted CSRF attack. This method also depends on the service: if the service malfunctions, the feature will not work on my site.

The first question: how is registration done if I already have a user base where authorization is by e-mail? Can a person previously registered on the site use authorization through a social network? If you log in through VKontakte manually, it does not give the e-mail address, but through uLogin there is such a possibility.

The second question: how to prevent the cloning of accounts from different social networks?

I looked for this information on the Internet and did not find it. If you find some, a link will suffice. =)

1 answer

Link the users' social network / OpenID logins to the accounts on your site according to the scheme: 1 account, several social network / OpenID entries. If a person logs in via uLogin / Login, attach the result to an existing account (check by email address) or create a new one if there is no such email in your database. That is, if a person has the same email address on different social network / OpenID logins, then logging in through these different logins will still result in one account on your site.

Also, pay attention to how this is done on hashcode and on many other services: on the "Access Settings" page there are "external authentication sources for your account". There may be several of them, but they all lead to one account.

I.e., if you treat email as a "unique" key, then you can track the repeated logins of one person, especially since uLogin gives the user's email address when logging in via VKontakte.

As for dependence on the intermediary service, yes, that is the case, but without it you will need to set up interaction with each of the authorization providers separately. You can try to make some kind of backup scheme: establish direct interaction with Google / VKontakte / Mail.ru and, in case uLogin fails, work without an intermediary.

As for the code, both uLogin and Loginza provide working examples and plugins for popular CMSs / frameworks. You can download them and study how they are arranged.

• Logging in via social networks by email can cause a problem. Say there is some kind of game / application. The user logged in several times and made some progress, and then changed his email on the social network: he would have to start all over again. But the user is the same. The UID in the social network is the same... For this reason, we abandoned email for login; it serves auxiliary purposes, but not login. You can, of course, use it (email) to link the account at the FIRST login through this social network, but further (repeated) logins go only by the social network's UID. - BOPOH
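The linking scheme from the answer and the comment (one account, several external identities; email used only at the first login from a provider, provider UID afterwards), as an added example that is not part of the original posts or of uLogin/Loginza. The table names, the `social_login` function and the `email_verified` flag are assumptions; the flag stands for whatever signal the provider gives that it confirmed the address, and without it the email is not used for linking.

```python
import sqlite3

SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE);
CREATE TABLE identities (
    provider TEXT NOT NULL,       -- e.g. 'vkontakte', 'google'
    uid      TEXT NOT NULL,       -- stable user id issued by that provider
    user_id  INTEGER NOT NULL REFERENCES users(id),
    PRIMARY KEY (provider, uid)   -- one external identity maps to one account
);
"""

def open_db():
    """In-memory database with the hypothetical schema above."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def social_login(db, provider, uid, email=None, email_verified=False):
    """Return the local user id for an external identity, linking or creating it."""
    # 1. Repeat login: match on (provider, uid) only, so a changed email is harmless.
    row = db.execute(
        "SELECT user_id FROM identities WHERE provider = ? AND uid = ?",
        (provider, uid)).fetchone()
    if row:
        return row[0]
    # 2. First login from this provider: attach to an existing account by email,
    #    but only when the provider vouches for the address (assumed flag).
    #    Assumes local emails are stored lowercased.
    user_id = None
    known_email = email.strip().lower() if (email and email_verified) else None
    if known_email:
        row = db.execute("SELECT id FROM users WHERE email = ?",
                         (known_email,)).fetchone()
        if row:
            user_id = row[0]
    # 3. No match: create a new account; an unverified email is not stored.
    if user_id is None:
        user_id = db.execute("INSERT INTO users (email) VALUES (?)",
                             (known_email,)).lastrowid
    db.execute("INSERT INTO identities (provider, uid, user_id) VALUES (?, ?, ?)",
               (provider, uid, user_id))
    db.commit()
    return user_id
```
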