How to avoid connecting two different webapp accounts with one social account

Question

I'm using Spring Social to connect user application account to a social account (Facebook and/or Twitter).

It turns out that it is possible that two different user accounts connect to the same social account.

Example:

User1 in my webapp connects with Facebook account #1
User2 in my webapp connects with Facebook account #1

This is possible now. Looks like this happens inside Spring Social. After that, sign-in with social account is not possible for both accounts.

I would like to avoid connecting same social account to different webapp users at a point when User2 tries to connect. Any hint how can I do that is appreciated!

score 1 · Accepted Answer · edited Aug 13 '12 at 09:07

1

An answer to this question is providede here. Code example here.

In short, ConnectInterceptor must be used for ConnectController to check for existing connection and remove currently creating connection if its a duplicate.

edited Aug 13 '12 at 09:07

ssasa

1,616
1
18
30

answered Aug 13 '12 at 07:00

Ljudevit

368
3
12

score 0 · Answer 2 · answered Aug 11 '12 at 08:14

If you are using default connection controller provided by spring social, after getting the user token/secret it stores in database. To store in database spring-social uses :

org.springframework.social.connect.jdbc.JdbcConnectionRepository
org.springframework.social.connect.jdbc.JdbcUsersConnectionRepository

Before storing into database you can validate the items and provide your own logic.

Hope this helps!

How to avoid connecting two different webapp accounts with one social account

2 Answers2