I'm creating an app where users are allowed to freely use the app up to a certain point of the app.
But I still need to save certain data of the user who haven't fully completed the signup yet. eg) what they previously selected, what they previously liked.
Is there a way to correctly gather a unique identifier for the user from using Expo?
eg;
Maybe there is a unique device token(or device ID) that I can use, save data using that as a primary key in my 'Users' table in DB.
Resources I found:
https://docs.expo.dev/versions/latest/sdk/application/#applicationapplicationid
-> Looks like a bunch of options are provided, but not sure which one to choose.
https://github.com/expo/expo/issues/1534
A post from a few years ago suggested using Expo.Constants.deviceId - which I can't find in the latest doc.
Related
Maybe I am missing something here, or this is a flaw in Auth0? I'll give an example of my issue:
Let's say I have my Default App (client), hooked up to that I have Username-Password-Authentication (database connection) and google-oauth2 (social connection).
A user comes to my site, signs up via google-oauth2 (social connection) using joe#gmail.com. Once complete, he gets added to my users in Auth0, all great.
A few months later, Joe comes back to my site, and being a busy guy, he forgets he signed up to my site before. This time, he decides to sign up using my custom Email and Password form, that will add the user to the Username-Password-Authentication (database connection). so he signs up there using joe#gmail.com again, and everything goes well, he is now listed in my user's section in my Auth0 dashboard.
This is the problem, I now have two joe#gmail.com accounts, one with google-outh2 and one with Username-Password-Authentication. I really can't have this, I need a unique email address, regardless of the ID Auth0 supplies.
Does anyone know how I can make email address in my user section 100% unique? I'd think a rule would do this, but it appears rules only apply AFTER a user has been registered, so I can't run a rule before adding?
the only way I can see doing this right now is make my own checks and delete via the management API, but that is a really long and messy way to do it I feel.
Any help will be appreciated here!
Thanks!
Auth0's default behavior is to create a new account in the database for every unique entry. Since the user created using Google has a unique id (based on google-oauth2), and the user created using the sign-up form has a unique id - they will technically be considered two separate accounts. In order to resolve this disparity, you can establish a means with which the account data can be merged. In the documentation linked provided above, there are examples of three possible ways of doing this:
Automatic Linking - which involves creating a specific rule to merge users based on matching emails
User-Initiated Linking - which involves providing a UI for users to opt into merging users with matching emails
Suggested Account Linking - which involves setting up a rule that is linked into the UI
One important thing to consider is that the data returned from different social identity providers may not be normalized the way that data is normalized onto the Username-Password-Database. For example, while auth0's default for emails is to lowercase the information, google-oauth2 may return emails as Uppercased - creating the potential for non-matching emails when checks are made using strict equality
The option you are looking for is called account linking.
You can find more info at https://auth0.com/docs/link-accounts
The id I get from app.getUser() from the actions-on-google-nodejs app looks entirely different from the id I get from Oauth.
app.getUser() in Google Assistant
{ userId: 'KMdEs***szG-ZRQl***cU',
user_id: 'KMdEs***szG-ZRQl***cU',
userName:
{
[...]
The same id is returned with and without the app.SupportedPermissions.NAME permission.
googleUser.getBasicProfile().getId() in Google OAuth
11348***63489
Is there any way to match these users up? It's the same Google Project in the developer console, so I assume that even if Google would generate unique ID's per project it should be the same, however in this case it looks like I am getting entirely different types of id's.
They are different types of IDs.
The ID returned from app.getUser() is meant as an anonymous project-unique identifier that can be used in some of the same ways a web cookie is used. It can not be identified against a specific account - but it will be consistent across all sessions (unless reset by the user). The profile information you can get with it (their name) is also considered non-identifying. Both are intended to be used to make a more friendly interface, rather than as a firm identifier. Users are able to reset their Google Home devices, for example, and this may reset this to a different ID.
The ID returned through OAuth, however, is meant to link them to a Google Account, with all the implications that brings, including associating them with a specific identity. This Account Linking is done separately, and does not directly give you the ID - instead it gives you an OAuth Access Token (which you can get through app.getUser().accessToken) which you can use to get their Google ID and other information that you may be scoped to get.
In theory, if you have Account Linking enabled, you could match the two up. In practicality, if you have Account Linking enabled, you wouldn't care about app.getUser().userId since you have the Access Token which will get you their Google ID. If you do not have Account Linking enabled - there is no way to match up the two and you should treat the userId as an anonymous (but consistent) user.
I have a website in progress where users create posts in a feed, and may have many feeds. Their profile will display a default feed of their choosing.
The 3 tables in this paradox are "accounts", "profiles", and "feeds".
An entry in profiles contains additional information about a user. This is in a separate table because it may be modified more often, and many queries use the accounts table without needing this information.
A field in accounts (profile) must reference a profile. I've done this, instead of having profiles reference accounts, because otherwise an account could exist without a profile. A profile existing without an account would be the result of a deactivated account (provided the user explicitly chose not to have their profile removed from the site).
A field in profiles (default_feed) must reference a feed. This may be changed often, and isn't needed by most queries, so this seems a sensible place for this data.
A field in feeds must reference an account; all feeds have a creator.
You may be able to see my problem already, but I'll elaborate:
I can't make an account without making a profile, which I can't make without making a feed, which I can't make without making an account, etc...
Must I give up the functionality of profiles for deactivated accounts (which wouldn't be a huge deal, but I'd like to know if there's another way), or is there a sensible trick that will allow me to solve the paradoxical nature of this relationship?
EDIT: I've realized I could simply set the default_feed field so it's allowed to be null, and have the application handle this special case (which should never happen anyway, since a feed is created with the account) with a "this user has no default feed" message. I'd still like to know if I've missed a more creative solution though.
One simple way to break the dependency is to make default_feed in profile nullable.
Start by creating a profile with the default feed set to null
Create the account that references that profile.
Once the account is set up, create the default feed with the account that has been created as owner.
I am a new member of a team at my company reviving a legacy product that had Facebook integration, and we wish to continue developing the Facebook side of things, but we can't seem to find the credentials for logging into the app, or even who has access to it.
The app we are trying to recover is "HaloMobile". One thing to note though is the app name on posts is no longer a link. Does this mean the app has been disabled somehow?
I'm obviously not asking for credentials. At this point I'm just trying to "find" the app and possibly determine who is currently assigned as the administrator role, or what my options are. If there is an email address associated with the app, perhaps we can send a transfer request to that email?
If you could get retrieve two piece of information from your code-base, which are App ID and App Secret then you can retrieve the list of roles assigned in app using the following end point,
https://graph.facebook.com/<App_ID>/roles?access_token=<App_ID>|<App_Secret>
And once you know the role, along with the user Ids of the user assigned to it, you can move forward to recover the App by contacting him.
Also, you might want to give this documentation about Application a look, which lists out various fields you can retrieve for getting the required information to get access to your application back, like user_support_email
https://graph.facebook.com/<App_ID>?
fields=name,description,creator_uid,user_support_email
&access_token=<App_ID>|<App_Secret>
Im developing an iPhone app with user logging design and i am trying to understand how to save user data and app state for each user in the same iPhone.
For example suppose my app flow is as follow:
1. user log in.
2. app gets the user friends list from core date and present it.
3. in the background the app fetch the user friend list from a server and update core data.
Now suppose there are two users that simultaneity uses the app with the same iPhone
how can i know witch data to load from core data to each user? haw can i know witch app state to return to?
First of all, it seems important to pose the question of why you are trying to do this in the first place. As I'm sure you have noticed, Apple designed the iPhone to be a single user device. This is why you don't see their apps (and generally apps from 3rd parties as well) allowing multiple users.
That said, if you are absolutely sure you want to do this, then you clearly need to give the user some ability to change user accounts. You're never going to know when one person is using the phone over another, so you have to provide the ability to switch users similarly to how fast user switching works in OS X.
Anyway, you probably need to start by creating an additional Core Data entity called "User". That entity should contain information about each user (name, nickname, photo, etc). Then you need to create a relationship from the "User" entity to whatever entities you are using to store your friends list.
You'll need to decide what the behavior of the app will be. Will the current user automatically be logged out when the app quits? Hard to say as you don't know who is going to use the app next.
I would create a core data entity for users and link the entries in it with the friend list entries. Therefore every user should have a unique identifier. Also in your friendlist entity there should be a key like "userId" to hold the reference to the user.