When a user first logs in through Facebook on Firebase Auth, duplicate users with unique UID's are created.
The peculiar issue is that I implemented login for this app months ago. An unrelated problem caused me to change my Firebase app. Since then new logins create duplicates. This is very hard for me to solve as the code I have implemented for login uses Facebook SDK and theres not much revealing whats under the hood. Also Firebase has an option that prevents users from creating duplicate accounts with the same email from different providers. But as you can see I am getting an erroneous user upon that initial login. Has anyone ever seen this problem? How am I suppose to fix it, when the problem is arising using the Facebook SDK?
There were two calls to signInWithCredential. FYI, this does not result in problems when the user has already logged in. So it could be a silent error that creeped up on you if you have the same problem.
Related
I am implementing a functionality of removing a user account (the user will have the possibility to delete its account).
I am using Auth0 as authentication provider. If I log in the app using a Gmail account, Auth0 will create the account with user ID value of XXXXX. After I delete the user (through API or from users management section), if I try to access the app again with the same Gmail account then the user ID will still be XXXXX.
This is a problem in my case because I need to anonynimize the data and the other details should never be visible.
I can solve the problem by changing the the ID in my database but for the moment I would like to keep it.
Is this the normal behavior of auth0?
Good morning tzortzik! I work with the Auth0 Community team and after confirming with one of our senior engineer, some connections the user ID is built based on details originating from the external IDP (Google in this case). That being said, if you remove a user in Auth0 for this instance, the very next time the user logs in/signs up they will receive the same ID that originated from the external IDP. I hope this helps clear some things up. Thanks!
I am a new member of a team at my company reviving a legacy product that had Facebook integration, and we wish to continue developing the Facebook side of things, but we can't seem to find the credentials for logging into the app, or even who has access to it.
The app we are trying to recover is "HaloMobile". One thing to note though is the app name on posts is no longer a link. Does this mean the app has been disabled somehow?
I'm obviously not asking for credentials. At this point I'm just trying to "find" the app and possibly determine who is currently assigned as the administrator role, or what my options are. If there is an email address associated with the app, perhaps we can send a transfer request to that email?
If you could get retrieve two piece of information from your code-base, which are App ID and App Secret then you can retrieve the list of roles assigned in app using the following end point,
https://graph.facebook.com/<App_ID>/roles?access_token=<App_ID>|<App_Secret>
And once you know the role, along with the user Ids of the user assigned to it, you can move forward to recover the App by contacting him.
Also, you might want to give this documentation about Application a look, which lists out various fields you can retrieve for getting the required information to get access to your application back, like user_support_email
https://graph.facebook.com/<App_ID>?
fields=name,description,creator_uid,user_support_email
&access_token=<App_ID>|<App_Secret>
I am thinking of tying in a Facebook JavaScript-based application with an existing website that has it's own user accounts, but have a question about a specific user situation.
The website is run almost 100% of the time from 'shared' computers, like those found in a career center. User A comes to my website, signs into the site and then authorizes the Facebook app, which stores their session in the browser, along with, effectively, signing them into Facebook.com.
User A now leaves my application by signing out of my site - but not closing the browser.
User B arrives, logs into my site with their login, but the Facebook session is still active (due to the browser staying open), so any FB app integrations I've included will show as if it is still user A, correct?
So the question is, what are the recommended ways to deal with this? Two options come to mind:
When the user signs out of my website, I fire an FB.logout call, so that all of the sessions are killed. Pros - I can ensure that user's signing into the site will not have old sessions hanging around. Cons - a user who is returning shortly after leaving will have to re-login to FB as well as my site to see the FB integrations - I'd love to avoid the user ALWAYS having to do two logins. Secondly, forcing the FB.logout when they leave my site kills any active sessions they have at facebook.com, which makes for a bad user experience as they would not 'get' why logging out of my site has anything to do with facebook.com, and will then have to re-signin to facebook.com.
The second option would be that when the user authorizes the FB app, I take their member ID and store that locally and persistently (database). Then, when a user returns to the site and signs in, I check their FB auth status, and if logged in to FB, pull their member ID and check it against the one I have stored locally. If they match, I have the correct user, if not, I do FB.logout and have them sign in to FB. Pros - this should ensure I always have the correct user to the site. Cons - not sure if getting, storing the member ID is feasible.
Any suggestions or pointers to the 'best practice' when it comes to ensuring that the current user is indeed the one associated with the FB account, specifically in this 'shared computing' situation where sessions may overlap?
Thanks
The second option looks to me to be the better choice. You can indeed store the users facebook id. By storing it locally i'm assuming you are talking using a cookie; however storing in a database is just as feasible.
Facebook user id's should be stored with a BIGINT(20) data type - such are the recommendations from facebook.
Taken from the user section of the facebook api refrence :
Looks like they changed their recomendations...
I have a native (FBML) Facebook Application. I do not want to push the application visitors through the authorization process, however I do want to know their Facebook ID.
Is it possible to find the visiting users Facebook ID without requiring them to "Authorize" my Application?
Before, I said it couldn't be done - but it can.
http://developers.facebook.com/docs/authentication/canvas
Read that, it's excellent. You need to decode the Base64 string and check the signature is correct, but other than that it gets you the user id among other stuff (like a temporary access token for graph.facebook.com)
REMEMBER : You need to change the settings in the Migrations tab for the information to come through! It's a vital step, but can be overlooked...
Hope this helps :)
Stuart
Well, since I am facing some issues with OAuth implementation, I decided to go back to normal method where users will input their login id and password and I will use them in my code to validate their google account to fetch calendar information. So when user enters login id and password, the page is getting stuck. When I check the code, setUserCredentials is the method where it is getting stuck. But when I enter my login id and password and debug on development site, it works fine. There is no problem when I debug. And importantly , the problem appears for first time only, once I debug the code and next time I try it without breakpoint, it works fine.
Does anyone know why setUserCredentials takes time or any way I can track why it is taking so time?
I have asked the same question on Google data api forum, but nobody answered it.
I reverted back to old Google Data API version from 1.41 to 1.40 and it worked.
What issues are you facing with the OAuth implementation? Using client login can potentially cause accounts to be flagged as hijacked.