We are planning to use social logins (like Facebook, Google, Twitter, Pinterest, and so on) in our app.

What are the rules for storing the Facebook IDs (or Google, Twitter, ...) in our database? Do we need to hash them like passwords? What about the authentication tokens?

If a user deletes the app, can we contact him through his profile page to ask him why he deleted it? (assuming we are allowed to store the ID unhashed)

Clarification:

If the app is only deleted, the user ID would be stored for future logins from other devices. If the user wants to delete their account on our server, it would be deleted completely.

sigma
  • Most important: Store IDs as text, even if they might look(!) like integers. And (at least for FB) you can of course not contact a user via their profile if they remove your app; you can however get notified about them removing your app via the _Deauthorize Callback URL_. If you think you need to contact them about this, ask for their contact email address (and get explicit consent to contact them in that case for that purpose, otherwise you would be spamming). – CBroe Oct 06 '14 at 13:00
  • The answers to these questions are going to be different for every network. Your best bet is going to be to research each network's best practices via their docs. – abraham Oct 06 '14 at 14:53
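
The "store IDs as text" point from the first comment, as an added example that is not part of the original thread: it shows a provider ID being silently altered once it is parsed as a number, and a key builder that refuses non-string IDs. The helper names, the provider-prefixed key format and the sample IDs are assumptions constructed for this illustration.

```javascript
// Constructed sample payloads: the same made-up user id delivered once as a
// JSON string and once as a bare JSON number.
const SAMPLE_AS_STRING = '{"provider":"facebook","id":"10152368852405295123"}';
const SAMPLE_AS_NUMBER = '{"provider":"facebook","id":10152368852405295123}';

// Hypothetical helper: build the database lookup key for a social account.
// The id is treated as an opaque string and namespaced by provider, because
// two providers can hand out the same digits to different people.
function accountKey(profile) {
  const { provider, id } = profile;
  if (typeof provider !== 'string' || !/^[a-z]+$/.test(provider)) {
    throw new TypeError('provider must be a lowercase name');
  }
  if (typeof id !== 'string') {
    // A number here means digits may already have been lost upstream.
    throw new TypeError('provider id must be a string, got ' + typeof id);
  }
  if (id.length === 0 || id.length > 255 || /[\u0000-\u001f]/.test(id)) {
    throw new RangeError('provider id is empty, too long or has control characters');
  }
  return provider + ':' + id;
}

// Returns true only if the id text survives a trip through a JS number.
// Large ids exceed Number.MAX_SAFE_INTEGER; ids with leading zeros lose them.
function roundTripsAsNumber(idText) {
  return String(Number(idText)) === idText;
}

// Hypothetical demo: which of the two payloads yields a usable key.
function demo() {
  const results = {};
  for (const [name, raw] of [['string', SAMPLE_AS_STRING], ['number', SAMPLE_AS_NUMBER]]) {
    try {
      results[name] = accountKey(JSON.parse(raw));
    } catch (err) {
      results[name] = 'rejected: ' + err.message;
    }
  }
  return results;
}
```

In the database the same rule means a text column for the ID, with uniqueness enforced on the provider and ID together rather than on the ID alone.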

0 Answers