i want to know if its possible to get the email of the people who are using open id to authenticate to my site [of course with the user knowing that i am getting their email]?
this email will be the user id of the user and i want the user to be able to loggin using any provider and then i will set this email as the user identity.
i need this information in order to design the structure of my site.
i am looking into the following open id providers.
Gmail
Yahoo
Facebook Connect
Hotmail
thanks
Use open social API's...
OpenSocial defines a common API for social applications across multiple websites. With standard JavaScript and HTML, developers can create apps that access a social network's friends and update feeds.
Refer to this link for more:-
http://code.google.com/apis/opensocial/
Who says the OpenID provider has the user's e-mail to give to you? I can get an OpenID identity that's accessed only by my fingerprint.
Related
I wrote this same question to #Linkedin support service and I was redirected to this link where they indicate to ask questions in Stackoverflow.
We are developing a mobile App for the Polytechnic University of Madrid and we plan to expand to other Universities in the future. This aplication will need in a first instance OAuth via Linkedin. It will also need to allow the authenticated user to send connection invitations to other users contained in a list. For creating that list of users, it will be useful if the admin of the system could search in a bar similar to the one which Linkedin has, write a user name and select it, retrieving its user ID or what is needed to identify the invitation destination.
Summing up, the App needs:
OAuth API
Connection request API
User search API
I have read on the web that some of Linkedin's APIs suffered some modifications in which most of them where limited to allowed users or apps. So the aim of this post is knowing:
Do the APIs my mobile application needs exist?
What do I need to do to obtain the access to those APIs in case they exist?
User search API
For this feature you could use something like Algolia Instant Search
LinkedIn has changed many things related to user data. If you need access to its data then you must follow the given guidelines.
Basically you have to create a LinkedIn App and then the users have to grant permissions to your app by installing it in their device(s) and then only you can collect their data.
I'm wondering how Facebook, Twitter and LinkedIn (to name a few) are using the Windows Live API to find the email addresses of the friends of a user to send them invitations.
When I try to use the Windows Live API I only get the email_hashes which can only be used to compare with existing user email of a system instead of sending them invitations.
Are these services paying Microsoft to benefit of an advanced API ?
Thank you,
Sébastien
All you need to do is add the following scope to the list of scopes you are requesting:
"wl.contacts_emails"
e.g.
WL.login({scope: ["wl.basic", "wl.contacts_emails"]})
Let's imagine that we have ecommerce website that suggests 3 way for user registration:
regular email
via facebook
via twitter
Now let's imagine that we have user signed via facebook/twitter account and we need send him notification about his order (order complete or s/t like that). How can we do this? It is absolutely clear for regular email users - we should just email them notification, but what about Facebook/Twitter users?
Thank you!
With Facebook when they authenticate with your application, you can request email permissions to be able to access the email address they have nominated to use with their facebook account. At the point of registeration you could then store this address in your database and all order flow could follow the existing email path.
You could probably re-use this methodology for twitter too.
I can understand the need to differentiate on registration processes however I think you want to streamline post order notification as much as possible for consistency across users.
I've integrated social logins (Facebook, Twitter, etc.) with a Rails app using Devise and OAuth. The requests and callbacks all work great and users are able to authenticate the app and login efficiently.
My problem is this:
With Devise, my site has the user's email address as the username. So, whenever a user logs in through a social site for the first time, a 'connection' record is stored for their account to show which social sites they've logged in with. If they don't already have an account on my site, one is created with the email address from the callback array. The connection is then stored along with the returned tokens and secrets for later use (FB posts, tweets, etc.).
Unfortunately, Twitter doesn't provide the email address. To circumvent this, I'm asking first-time users that login with Twitter to simply provide an email address so an account can be created. However, I can't figure out what to do if they already have an account on my site. I can't check if they already do since I'm not given an email address to match up. This could ultimately cause a user to have multiple accounts.
So, I'm a bit at a loss, and if anyone has any suggestions, it would be extremely helpful.
Thanks! :)
You'll need to store some oauth provider info like {provider, twitter identifier} too to your database and then check twitter oauths based on that instead of the email ID.
The simplest thing to do would be to add a slightly different flow for if the login was via twitter. Ask a first time Twitter login user for the email ID. In your users table, add a column called tw_id and add the users twitter identifier. Next time, if the login is via Twitter, you check the tw_id instead of the provider email and proceed with the normal app flow.
The problem I see with single login services, is that if you login once using Facebook, once using Twitter, and once using LinkedIn - you have three different accounts. Everything would be fine, if Twitter was giving an email address. So, how do you fix it?
I have the same problem and I was hoping the clever folks on SO would have an elegant solution. All I can think of doing is :
User logs in with LinkedIn
Check the user table to see if they have an account using their LinkedIn id
If not, ask them for their email address before logging them in
When we have the email address, check to see if they already have an account using their email address
If they do, add their LinkedIn ID to this record and log them in
If they don't, create a new record and log them in
This means that each user record needs fields for every possible account, or more correctly use a link table connected to their local user id with a record for each account they log in with.
It also defeats the benefit of a simple OpenId login because the user has to register their email the first time they login with a new OpenId account.
Like I said, elegant it ain't, but it is the best I can think of.