社交网络(Facebook,Twitter等)用户帐户集成(重复方案) [英] Social Network (Facebook, Twitter, etc) User Account Integration (duplicate scenario)
问题描述
因此,肯定有很多关于如何将各种单独的社交网络身份验证/注册集成到现有用户帐户中的教程.但是,我似乎无法找到太多有关该信息的场景是,如果用户使用不同的社交网络凭据登录到您的帐户.例如:
So there are definitely many tutorials out there regarding how to integrate various individual social network authentication/registration into existing user accounts. But the scenario I can't seem to find out much information about is if a user signs into your account with different social network credentials. For example:
场景#1
用户使用网站的身份验证在网站上注册.
用户然后使用Facebook Connect在网站上登录/注册.
然后,用户使用Twitter登录/在站点上注册.
Scenario #1
User registers on site using site's authentication.
User then signs in/registers on site using Facebook Connect.
User then signs in/registers on site using Twitter.
如何将所有这些都集成到一个帐户中?
How do I integrate all of these into one account?
很明显,一旦注册用户,他们便可以在帐户设置页面中添加其他社交网络关联.但是我更担心他们是否通过其他社交网络注册而忘记了已经设置好了.
Obviously once a user is registered, they can add other social network associations in the account settings pages. But I am more concerned if they register via the other social network not remembering they are already setup.
我的一般想法是尝试找出一种使用用户名"或电子邮件来尝试猜测并向用户展示在此处组合帐户的方法.
My general thoughts are trying to figure out a way to use the "username" or email to try and guess and present the user a way to combine accounts right there.
有人有什么想法吗?
推荐答案
跟进-
如果您的用户不记得他们之前已经注册过,那么,通常来说,祝他们好运;)
if your users can't remember that they've signed up previously, well, best of luck to them in general ;)
正如您所描述的,我计划让用户选择通过其他方式登录后即可链接其他帐户的选项.
much as you described, i'm planning on giving users the option to link additional accounts once they have signed in by one means or another.
但是就交叉核对而言,您只能做很多事情.许多社交网络API确实确实提供了电子邮件地址(一旦您通过OAuth进入),但是只有当用户选择公开其地址时,这些地址才可以访问,但不能保证.
but as far as cross-checking, there's only so much you can do. many social network APIs do indeed provide email addresses (once you've busted in through OAuth) but these may be accessible only if a user has elected to make his/her address public, which is not guaranteed.
也不保证该用户为每个社交网络帐户使用了相同的电子邮件地址,因此即使您设法检索一个地址,它也可能对您没有用.
also not guaranteed is that the user used the SAME email address for each social network account, so even if you manage to retrieve an address it may or not be of any use to you.
最后,如果您通过这种方式找到匹配的电子邮件地址,建议提示用户链接帐户,而不是假设他/她希望自动完成此操作.有些人喜欢保持多重性格.即看起来您也已经在Twitter上注册了-您是否想要关联您的帐户?这会使您的生活看起来值得一住."
finally, if you find matching email addresses via such means, it might be advisable to prompt the user to link accounts rather than assume he/she wants this done automatically. some people like to maintain multiple personalities. i.e. "it looks like you are also signed up with twitter - do you want to link your accounts? it will make your life seem worth living."
您可能会考虑提供奖励措施来链接用户帐户或提供电子邮件地址(当然,您可以根据您网站的功能自行确定可能是什么).
you might consider offering incentives to link user accounts or to provide an email address (up to you of course to figure out what these might be, based on the functionality of your website).
解决方案是维护多个帐户,然后如果通过各种方式发现了链接信息,则在查找表中指示所述链接. 一种替代方法是,一旦找到链接,尝试将多个帐户的所有相关条目合并到一个帐户实体中-我只能说后一种方法是谨慎行事,因为这可能会导致严重的复杂性,具体取决于用户活动级别和数据库架构的复杂性.
solution i am working on, database-side, is to maintain multiple accounts and then if link information is discovered by various means, said link is indicated in a lookup table. an alternative is once you find a link, attempt to combine all relevant entries for the multiple accounts into one account entity - all i can say about this latter approach is that i would do so with caution as there could be a formidable level of complexity depending on the user's activity level and the complexity of your database schema.
在我的(心理/实际)名称空间中,注册老式方式的用户拥有一个标准"帐户,而使用社交网络的用户拥有一个别名"帐户.那么目标便是定义别名应指向的位置,即创建查找,以便随后通过或登录都检索两个帐户的相关信息(显示标准"帐户的个人数据的首选项).
in my (mental/actual) namespace a user who registers the old-fashioned way has a 'standard' account and one who uses a social network has an 'alias' account. then the goal becomes to define where the alias is supposed to point, i.e. create the lookup such that a subsequent login via either means retrieves the relevant information for both accounts (with a preference for displaying personal data for the 'standard' account).
自从我上一篇博文以来,我想出了如何使Twitter OAuth发挥作用-如果您有兴趣,可以查看我的其他答案以获取详细信息.
btw i figured out how to make twitter OAuth behave since my last post - you can look at my other answers for details if you're interested.
JB
马特,
我正在处理相同的问题 现在.
i'm working on the same problem right now.
假设用户从常规开始 网站帐户(不是 如果他看到,一定可以安全地假设 所有漂亮的与XXX联系 网络"按钮!!!),您可以使用 OAuth或javascript API (facebookConnect或@anywhere- 还没有完全弄清楚后者 但是我不确定我是否推荐它 我认为它不能提供丰富的 API和后端库一样) 登录其他网站.
assuming the user starts with regular site account (which is not necessarily safe to assume if he sees all the pretty "connect with XXX network" buttons!!!), you can use either OAuth or the javascript APIs (facebookConnect or @anywhere - haven't fully figured out the latter yet and i'm not sure I recommend it as I don't think it provides as rich an API as do the backend libraries) to login to the other sites.
API应该返回某些 成功后的信息 从社交网络登录/重定向 -例如用户ID和访问令牌,然后您可以将其存储在 数据库以某种方式关联 您的实际"应用程序用户 社交网络的ID.
the APIs should return certain information after a successful login/redirect from the social network - such as the user ID and an ACCESS TOKEN which you can then store in your database in some capacity associating your 'actual' application user with the ID of the social network.
当用户返回网站时,您 然后可以
when the user returns to the site, you can then
1验证社交网络设置的cookie 网络服务(各种方案 通常基于 在您的sha1或md5哈希上 应用程序数据-我的意思是 注册时获取的数据 带有twitter/facebook的应用程序,通常是 使用者密钥,应用程序ID等- 以及收到的Cookie),所以您知道 用户已使用社交网站登录 网络
1 verify cookies set by the social network services (various schemes typically verifying a signature, based on sha1 or md5 hash of your application data - by which i mean the data you get when you register your app with twitter/facebook, typically a consumer key, application ID, etc. - with the received cookies) so you know the user has logged in with the social network
2查找您的数据库条目关联 如上所述
2 find your database entry association as described above
3根据以下信息手动登录您的用户 假设的脸书/推特 连接是安全的.
3 login your user manually based on the assumption that facebook/twitter connection is secure.
腔室:仅与您的腔室一样安全 实施(或与 facebook/twitter的实现,如果 您更喜欢...)
caveat: this is only as secure as your implementation (or as secure as facebook/twitter's implementations, if you prefer...)
尽管twitter的OAuth不 目前看来工作正常, 他们对 过程非常有用: http://dev.twitter.com/pages/auth
although twitter's OAuth does not currently seem to work quite right, their general description of the process is pretty informative: http://dev.twitter.com/pages/auth
祝你好运.
J
这篇关于社交网络(Facebook,Twitter等)用户帐户集成(重复方案)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
