My application needs a Twitter account to create an account and authenticate. Then, the user can link other Twitter accounts if he likes. So, a user has 1 main Twitter account that allows him to connect to the app, and then he can browse the accounts he has linked in the app. My question is about the login process on Twitter's side.
First, I thought of setting `force_login` when linking a new account. This way, the user does not have to reconnect on Twitter each time he wants to connect to the app. And, when he wants to link an account, `force_login` forces him to choose the right account. The problem is that Twitter stays connected to the last authenticated account. So, if the user logs out of the app after linking an account and then logs in with Twitter, he logs in with the second account and creates a new user on the app. Example:
The user has 2 Twitter accounts: @a and @b. He's authenticated on Twitter as @a. He signs up on the app, Twitter shows him the permissions asked for by the app, the user accepts, he's redirected to the app, and a new user who can auth with @a is created. Then, he links the @b account. With `force_login`, Twitter asks him for credentials. The user logs in as @b, Twitter asks for permissions, and then the account is linked to the user on the app. We have a user who can auth with @a and is linked to @b. Then, the session on the app is over, and the user needs to reconnect. Because there is no `force_login`, Twitter sees he's connected with an account authorised for the app, and the connection is accepted without any action from the user. But nobody sees that the user is connected with the last account: @b. So, it's a sign-in action with @b, which means a new user creation. We have 2 users: user1, who can auth with @a and is linked to @b, and user2, who can auth with @b. And the user doesn't understand what happened to his @a account.
So my question is: do I have to set `force_login` anywhere? Or is there a way to tell Twitter not to authenticate when linking an account?
Edit, more details:
It's not that easy. Keep in mind that many users should be able to manage the same account. A simple example: @maurice and @roy are members of the @reynholmindustries corporation. Each creates his own account on the service with his own account on Twitter. On the service, we have user1, who can connect with @maurice, and user2, who can connect with @roy. Then, @maurice adds the @reynholmindustries account to the service. So, after logging in with @maurice, he can manage @maurice and @reynholmindustries. Then, @roy adds @reynholmindustries too. Nobody can log in with @reynholmindustries; @maurice and @roy, each with his own account, can manage it. And then, it's possible to create a new user by signing in with @reynholmindustries.
The difficulty is when adding a new account: userA signs in to the service by signing in on Twitter. He's authenticated as @maurice, and on the service as userA, and can manage @maurice. Then, he adds @reynholmindustries by signing in to Twitter as @reynholmindustries. He's authenticated on the service as @maurice and can manage @maurice and @reynholmindustries, but, on Twitter, he's authenticated as @reynholmindustries. Later, he loses his auth on the service and clicks on the sign-in button. He's redirected to the Twitter OAuth form, and we have 2 options:
- Without force_login: he's authenticated as @reynholmindustries because it's the last account he signed in with. So, Twitter doesn't ask him to auth, and he's automatically redirected to the service, not as userA authenticated with @maurice, but as a new user: userC, authenticated with @reynholmindustries. userC can manage @reynholmindustries because he's a new user.
- With force_login: if he's authenticated as @reynholmindustries on Twitter's side, he needs to give his login/pass, and is sure to choose the correct account: @maurice, to access userA and manage the 2 accounts. But he has to give his login/pass every time he has to auth on the service.
By writing this, I realise it's not a problem: if the service had local auth, the user would have to type his login/pass every time he loses his auth… Maybe force_login is the correct option. What do you think of this?
To me it looks like the problem is not related to Twitter at all. You need to handle the login / sign-up process in your application.
Here is what happens, according to your description:
- The user signs in with the @a account
- Internally you create a user profile in your database (I assume you have a database, it doesn't matter what kind of database), like this:
  - User A
    - id = 1 (your internal id)
    - name = usera
    - accounts (related table)
      - twitter @a
- The user adds 1 more (@b) account
- You update the user profile like this:
  - User A
    - id = 1
    - name = usera
    - accounts
      - twitter @a
      - twitter @b
- The user signs out
- The user logs in with the @b account
- Twitter approves and redirects to your app
Now, "So, it's a sign-in action with @b, which means a new user creation." Why so? Twitter knows nothing about your application, you know it.
What you want to do here is search through your database, find that you have the "twitter @b" account and that it is linked to "usera". Then log in "usera" to the application instead of creating a new user (you don't want to have different users for the same Twitter account anyway; the Twitter account id should be unique in the database).
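
The lookup described in this answer, as an added example that is not part of the original post: it resolves a Twitter sign-in to the app user already linked to that Twitter id and creates a user only when the id is unknown. The SQLite schema, function names and numeric ids are assumptions made for illustration; it also goes one step further and refuses to guess when, as in the question's edit, one Twitter account is linked to several app users.

```python
import sqlite3

# Hypothetical schema: one row per Twitter id, many-to-many link to app users.
SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL);
CREATE TABLE twitter_accounts (
    twitter_id  INTEGER PRIMARY KEY,   -- stable numeric id, unique in the database
    screen_name TEXT NOT NULL
);
CREATE TABLE user_accounts (           -- which app user manages which account
    user_id    INTEGER NOT NULL REFERENCES users(id),
    twitter_id INTEGER NOT NULL REFERENCES twitter_accounts(twitter_id),
    PRIMARY KEY (user_id, twitter_id)
);
"""

class AmbiguousSignIn(Exception):
    """The Twitter account is managed by several app users."""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def link_account(db, user_id, twitter_id, screen_name):
    """Attach a Twitter account to an existing app user (the 'link' flow)."""
    db.execute("INSERT OR IGNORE INTO twitter_accounts VALUES (?, ?)",
               (twitter_id, screen_name))
    db.execute("INSERT OR IGNORE INTO user_accounts VALUES (?, ?)",
               (user_id, twitter_id))

def sign_in(db, twitter_id, screen_name):
    """Resolve an OAuth callback to an app user id; create one only if unknown."""
    owners = [row[0] for row in db.execute(
        "SELECT user_id FROM user_accounts WHERE twitter_id = ? ORDER BY user_id",
        (twitter_id,))]
    if len(owners) == 1:
        return owners[0]                    # known account: log in its user
    if len(owners) > 1:
        # Shared account: do not pick a user silently; the caller can restart
        # the OAuth flow with force_login so the user picks a personal account.
        raise AmbiguousSignIn(screen_name)
    cur = db.execute("INSERT INTO users (name) VALUES (?)", (screen_name,))
    link_account(db, cur.lastrowid, twitter_id, screen_name)
    return cur.lastrowid
```

Keying on the numeric Twitter id rather than the screen name keeps the lookup stable if the handle is renamed.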