Using the Kuzzle auth passport OAuth plugin, how would you handle having multiple social providers able to log in to the same Kuzzle account?

I got the login working with Facebook and Google, and I let users create a unique username for their account when the user logs in with a new social provider. At this username creation step they get the option to connect with the other social provider to prevent creating multiple accounts or if they already signed up through another provider.

What's the proper way to have a single Kuzzle account having multiple login strategies attached to it from different OAuth providers?

  • I'm afraid there is no simple answer to this and you might need to develop another authentication plugin to handle a login via multiple strategies for one single user. I'm curious though, if you don't create a new user when logging in with an OAuth provider then what do you do? Can't you then log in with this username with, let's say, its email? – Jeno Apr 12 '21 at 12:11
  • Designwise, in my webauth window I do a check upon a successful login whether or not it's a fresh user. If it's a fresh user I prompt the user to select a username. If the username is already taken, or they know they could've signed up with another social provider, they get the option to log in with the other providers. I had an idea to merge two accounts/providers with a custom controller but that seems like a security risk. We can no longer expect emails from social providers to be standardised. Using Google, Facebook and Apple the emails can be proxied. Or did you mean something else? – Pierre Minik Apr 16 '21 at 11:22
  • Alright, that answers my question. I didn't know emails could be proxied :/ I thought about the same solution as you mentioned, if the email already exists from another provider, simply log the user in. – Jeno Apr 17 '21 at 12:08

0 Answers
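One way to model the linking flow discussed in the question and comments, as an added example that is not from the thread, the plugin or the Kuzzle project: identities are keyed on provider plus the provider's user id, a second provider is attached only from an already authenticated session, and the email claim is never used to match accounts. The `AccountLinker` class, its method names and the sample identities are hypothetical, and the store is in-memory rather than Kuzzle's.

```javascript
// Added example: in-memory identity linking; not Kuzzle or plugin code.
class AccountLinker {
  constructor() {
    this.accounts = new Map();   // username -> { username }
    this.identities = new Map(); // "provider:subject" -> username
  }

  static key(identity) {
    return `${identity.provider}:${identity.subject}`;
  }

  // Called after a successful OAuth login. Returns the linked username,
  // or null for a fresh identity (the UI then asks for a username or a link).
  // The email claim is never consulted: it can be proxied or differ per provider.
  resolve(identity) {
    return this.identities.get(AccountLinker.key(identity)) ?? null;
  }

  // Fresh user picked a username: create the account and attach the identity.
  register(identity, username) {
    if (this.accounts.has(username)) throw new Error('username taken');
    if (this.resolve(identity)) throw new Error('identity already linked');
    this.accounts.set(username, { username });
    this.identities.set(AccountLinker.key(identity), username);
    return username;
  }

  // Attach a second provider. `sessionUser` must come from a session that was
  // authenticated with an identity already linked to the account, so the
  // caller has proven control of both logins.
  link(sessionUser, newIdentity) {
    if (!sessionUser || !this.accounts.has(sessionUser)) throw new Error('not authenticated');
    const owner = this.resolve(newIdentity);
    if (owner && owner !== sessionUser) throw new Error('identity belongs to another account');
    this.identities.set(AccountLinker.key(newIdentity), sessionUser);
    return sessionUser;
  }
}

// Constructed sample identities (provider user ids and emails are made up).
function demo() {
  const linker = new AccountLinker();
  const google = { provider: 'google', subject: 'g-1001', email: 'pm@example.com' };
  const facebook = { provider: 'facebook', subject: 'fb-2002', email: 'relay@example.net' };
  const sameEmail = { provider: 'facebook', subject: 'fb-6666', email: 'pm@example.com' };
  linker.register(google, 'pierre');
  linker.link(linker.resolve(google), facebook);
  return [linker.resolve(facebook), linker.resolve(sameEmail)];
}
```

The third sample identity reports the same email as the first but resolves to no account, which is the case the comments flag as risky when accounts are merged on email.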