Monday, March 7, 2016

What is the best way to handle connection to many Twitter accounts?


My application needs a Twitter account to create an account and authenticate. Then, the user can link any other Twitter accounts as he likes. So, a user has ONE main Twitter account which allows him to connect to my app; then, he can browse all the accounts he has previously linked in the app. My question is about the login process on the Twitter side.

First, I thought about setting force_login only when linking a new account. This way, the user does not have to reconnect on Twitter each time he wants to connect to my app. And, when he wants to link another account, force_login forces him to choose the right account. The problem is that Twitter stays connected to the last authenticated account. So, if the user logs out from my app just after linking another account, then logs in with Twitter, he logs in with the second account, and creates a new user on my app. Example:

The user has two Twitter accounts: @a and @b. He's authenticated to Twitter with @a. He signs up to my app, Twitter shows him the permissions asked for by my app, the user accepts, he's redirected to my app, and a new User which can auth with @a is created. Then, he links the @b account. Thanks to force_login, Twitter asks him for credentials. The user logs in to @b, Twitter asks for permissions, then the account is linked to the user on my app. We now have a user who can auth with @a and who is linked to @b. Then, the session on my app is over, and the user needs to reconnect. Because there is no force_login, Twitter sees he's already connected with an account which authorised my app, so the connection is accepted without any action from the user. But what nobody sees is that the user was connected with the last account: @b. So, I get a signin action with @b, which means to a new user creation. I now have two users: User1, which can auth with @a and is linked to @b, and User2, which can auth with @b. And my user doesn't understand where his @a account is.

So my question is: do I have to set force_login anywhere? Or is there another way to tell Twitter not to authenticate when linking an account?

1 Answer

To me it looks like your problem is not related to Twitter at all. You just need to handle the login / sign-up process properly in your application.

Here is what happens, according to your description:

  • User signs up with @a account
  • Internally you create the user profile in your database (I assume that you have the database, doesn't really matter what kind of database), like this:
    • User A
    • id = 1 (your internal id)
    • name = UserA
    • accounts (related table)
      • twitter @a
  • User adds one more (@b) account
  • You update the user profile like this:
    • User A
    • id = 1
    • name = UserA
    • accounts
      • twitter @a
      • twitter @b
  • The user signs out
  • The user logs back in with the @b account
  • Twitter approves it and redirects back to your app

Now you say "So, I get a signin action with @b, which means to a new user creation.". Why so? Twitter knows nothing about your application, but you do know it.

What you want to do here is just search through your database, find that you already have the "twitter @b" account and that it is linked to "UserA". Then you just log "UserA" into your application instead of creating a new user (you don't want to have different users with the same Twitter account anyway, so the Twitter account id should be unique in your database).
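The lookup described in this answer, as an added example that is not part of the original answer. The table layout, function names and ids are assumptions made for illustration; accounts are keyed on Twitter's numeric user id rather than the screen name, because a screen name can change.

```python
import sqlite3

SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL);
CREATE TABLE accounts (
    twitter_id  TEXT PRIMARY KEY,  -- unique across ALL users, as the answer requires
    screen_name TEXT NOT NULL,
    user_id     INTEGER NOT NULL REFERENCES users(id)
);
"""

def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def owner_of(conn, twitter_id):
    row = conn.execute("SELECT user_id FROM accounts WHERE twitter_id = ?",
                       (twitter_id,)).fetchone()
    return row[0] if row else None

def sign_in(conn, twitter_id, screen_name):
    """OAuth callback with no app session: log in the owning user, else sign up."""
    user_id = owner_of(conn, twitter_id)
    if user_id is not None:
        return user_id, False          # main or linked account: same user
    with conn:                         # commit both inserts together
        user_id = conn.execute("INSERT INTO users (name) VALUES (?)",
                               (screen_name,)).lastrowid
        conn.execute("INSERT INTO accounts VALUES (?, ?, ?)",
                     (twitter_id, screen_name, user_id))
    return user_id, True

def link_account(conn, current_user_id, twitter_id, screen_name):
    """OAuth callback while a user is logged in: attach the account to that user."""
    owner = owner_of(conn, twitter_id)
    if owner is not None and owner != current_user_id:
        raise PermissionError("Twitter account already belongs to another user")
    if owner is None:
        with conn:
            conn.execute("INSERT INTO accounts VALUES (?, ?, ?)",
                         (twitter_id, screen_name, current_user_id))
    return current_user_id

def demo():
    conn = open_db()
    user_a, _ = sign_in(conn, "1001", "a")             # constructed ids
    link_account(conn, user_a, "1002", "b")
    again, created = sign_in(conn, "1002", "b")        # Twitter session is still @b
    users = conn.execute("SELECT COUNT(*) FROM users").fetchone()[0]
    return user_a, again, created, users
```
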
