
I am storing the user details from social authentication in the User (authenticatable) model and logging the user in, so that I can use the features of Auth.

Callback function:

```php
public function callback()
{
    $user = Socialite::driver('facebook')->user();

    $newUser = new User();
    $newUser->name = $user->name;
    $newUser->email = $user->email;
    $newUser->remember_token = $user->token;
    $newUser->save();

    Auth::login($newUser, true);
    return redirect('/');
}
```

But then I realized anybody could log in with just the username through the built-in login (the normal login form) if no password validation is required, since we do not store the Facebook password in our app database, and the password will be NULL in this case.

I am thinking of deleting the user details after the user logs out.

```php
public function logout()
{
    User::find(Auth::user()->id)->delete();
    Auth::logout();
    return redirect('/')->with('message', 'logged out!');
}
```

This does not look so good. What is the correct or better way to make the socially authenticated user use Auth?

Sanzeeb Aryal

1 Answer


It means you haven't understood the life cycle of the API carefully. Redirect the user to the Facebook page, let them accept your application and sign in. After that, Facebook will provide the details of the user; store them (fb_id, email, phone, etc.) and then create the user. Next time they log in, make sure the fb_id matches the one returned from the user login. So deleting the user after registration makes no sense.

ujwal dhakal
  • Couldn't anybody log in with just the username from the built-in login if no password validation is required, since we do not store the password from Facebook in the `user` model? – Sanzeeb Aryal Dec 05 '16 at 14:27
  • Yes, we log in from the Facebook ID. Since Facebook only provides the ID after login, we can be sure the ID we are generating is from the logged-in user, so no password would be needed. That's why you are creating a social auth login, isn't it? If it required a password for every login, why use social auth? It would be useless, na? – ujwal dhakal Dec 05 '16 at 15:11
  • I mean, after authentication from Facebook we store the fb id, name and username, but not a password, in the `User` model. Then couldn't anybody log in with only the username from the built-in login, not from Facebook? – Sanzeeb Aryal Dec 05 '16 at 15:17
  • Haha :D In social auth you log in from the Facebook ID, not the username. You check if the Facebook ID exists in the database; if so, you log in and redirect. If the Facebook ID isn't there, you simply create the user and redirect them. – ujwal dhakal Dec 05 '16 at 15:20
  • I have both the social and the built-in login. If a user logs in from Facebook and we store that user's details, can't anybody log in with those details from the built-in login? I mean that. – Sanzeeb Aryal Dec 05 '16 at 15:23
  • Actually, the built-in login has different logic and the social login has different logic for login. For the built-in login you check username and password, and for social auth you check the social auth ID. – ujwal dhakal Dec 05 '16 at 15:28
  • That's exactly what I mean. Aren't we combining both if we store social user details in the `user` model, which is authenticatable by default? And then we can log in using those details from the built-in login. Anyway, thanks. – Sanzeeb Aryal Dec 05 '16 at 15:32
  • We will be using the same table but a different method. E.g., method A accepts the built-in login: A has a username and password check from the DB, then processes. B has social auth built in, which checks for the ID. If you log in by Facebook app ID with no password in method A, it won't log in, since in method A we check the username and the password with no-empty-values validation too :) Hope this helps – ujwal dhakal Dec 05 '16 at 15:37
  • I'm still not getting it. What if we use B's username to log in with method A? – Sanzeeb Aryal Dec 05 '16 at 15:42
  • A has username field while B has facebook_id field – ujwal dhakal Dec 05 '16 at 16:03
  • Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/129817/discussion-between-sanzeeb-aryal-and-ujwal-dhakal). – Sanzeeb Aryal Dec 05 '16 at 16:06
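
The two login paths discussed in the answer and comments (A: built-in form, B: Facebook ID), as an added example that is not part of the original posts. It is plain PHP with an in-memory array standing in for the users table, not Laravel code; the `fb_id` field name follows the answer, while the function names and sample accounts are assumptions constructed here.

```php
<?php
// Added example: in-memory model of the two login paths (not Laravel code).
// $users stands in for the users table; fb_id and password may each be null.

function socialLogin(array &$users, string $fbId, string $name, string $email): int
{
    // Path B: the identity is the provider's id, handed over by the OAuth callback.
    foreach ($users as $id => $u) {
        if ($u['fb_id'] === $fbId) {
            return $id; // returning user: reuse the row, never create a duplicate
        }
    }
    // First visit: create the account with NO local password.
    $users[] = ['name' => $name, 'email' => $email, 'fb_id' => $fbId, 'password' => null];
    return array_key_last($users);
}

function passwordLogin(array $users, string $email, string $password): ?int
{
    // Path A: the built-in form. An empty submission never authenticates.
    if ($password === '') {
        return null;
    }
    foreach ($users as $id => $u) {
        if ($u['email'] !== $email) {
            continue;
        }
        // A social-only account has no hash, so there is nothing to verify against.
        if ($u['password'] === null) {
            return null;
        }
        return password_verify($password, $u['password']) ? $id : null;
    }
    return null;
}

// Constructed sample data: one local account with a password hash.
$users = [['name' => 'Local', 'email' => 'local@example.test', 'fb_id' => null,
           'password' => password_hash('s3cret-pass', PASSWORD_DEFAULT)]];

$first  = socialLogin($users, '1000001', 'Social', 'social@example.test');
$second = socialLogin($users, '1000001', 'Social', 'social@example.test');

var_dump($first === $second);                                         // second Facebook login
var_dump(passwordLogin($users, 'social@example.test', ''));           // social-only, empty password
var_dump(passwordLogin($users, 'social@example.test', 'anything'));   // social-only, guessed password
var_dump(passwordLogin($users, 'local@example.test', 's3cret-pass')); // local account
```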