链接通过Facebook登录的新用户连接到现有帐户

Question

I have recently implemented login to my via facebook connect. So now users have 2 ways of logging in to the site. The old way of registering an account and the new way (facebook connect).

One thing I would like to do is link a new facebook connect user account to existing accounts if they logged in the old way.

Has anyone had any success doing this?

Answer 1

Very good question I think and lots of people will benefit from an answer.

What you need to remember is that accounts are only linked so long as they are authorised to be linked through Facebook. What you should do is maintain a second table of linked accounts in your database so that you know who is who and if they are linked with Facebook.

You should read this integration comment, it provides a lot of useful information.

http://crazyviraj.blogspot.com/2010/01/test-cases-for-basic-facebook-connect.html

It doesn't really say how to do things, but it makes sure you tick all the boxes of what you should be doing .

ie:

Sign Up should fail if the user denies permission to the app (category: sign up)

Since we need access to an email address, Sign Up should fail if the user provides publish permission but denies email permission (category: sign up)

If the user provides an email address that already exists in your system, fail Sign Up. Make sure no YouFace backend tables are modified (category: sign up, 1:1 mapping) PS - when this happens, I didn't find a way for you to de-authorize YouFace on the Facebook user's behalf. The user must manually do this if they wish you use the same account but provide a different email address.

Accounts created using Facebook Connect should not be able to login using YouFace's default email/password login system (category: sign in, account security). PS: Since YouFace accounts require a password and those created using Facebook Connect don't, make sure to insert a random password hash into your table to avoid silly errors

Accounts created using YouFace should be able to sign in without requiring to be signed into Facebook, even if when a link to a Facebook accounts exists (category: sign in)

Any many more

Answer 2

You should be asking for permanent access through fb connect authentication. Once you've done that, you'll get a token which gives your permission to access someone's Facebook information, and that token will not expire unless the user explicitly removes you from the permission list or changes his/her password.

Once you have the token, associate that token with the user / create a new field in your user table to store it.

To associate the user with a Facebook account without the user logging in, you can try to match by email. It's not 100% accurate but it's pretty good. Facebook doesn't give you email addresses in text form but you can get email hashes from FQL. Since you already know user email addresses, you can calculate the hash for all of your user emails and search through your user base for matches every time a new Facebook Connect user signs up.