Linking to Facebook Authentication

Eric Garrison asked on March 9, 2015 04:45

I am having an issues with the Facebook login. Some of the users have Non-Facebook accounts and Facebook accounts. How can I make it so users only have 1 account? I am using the Facebook Login webpart and it creates accounts when users connect. Ideally, I would want a user to register the first time, then enable Facebook for all future logins.

In the docs: It does say "Kentico automatically creates a new account for the user." I thought there was a way that the accounts associated back under V7, but now on 8.2, it seems like we get more complaints about dupe accounts and unlinked accounts.

Correct Answer

Virgil Carroll answered on March 9, 2015 14:31

Eric, you are correct about how Kentico works, but its not any different than version 7. You are able to hold multiple login methods in the user profile, but what you are asking is really going to be more difficult than that and most likely require some custom C# to accomplish.

The issue you are going to run into is how to know that a user that registers via Facebook or FBA are the same person. You could rely on the persons name, but this brings up a whole slew of problems including did they type it in the same, are there more than one person with the same name. You could use the email for this, but again same issue, people could really get around this by using multiple emails.

Your best bet would be to use some kind of code that a user needed to enter to register that was unique to them (may or may not be practical based on your requirements) therefore you would know it was the same person and could check to see if they had already registered.

Your other option is to add a manual approval step into the registration process to QA on your own.

We've had this requirement many times ourselves and there is no reliable way to guarantee you will be able to keep users from duplicate accounts. Even people with the best intentions will do things with our stuff that we did not expect :) Depending on your use case, maybe one of these directions would help. If you don't have a lot of users then maybe checking one of the other registration fields (name, email, etc.) could give you at least a reduction of duplicate accounts.

0 votesVote for this answer Unmark Correct answer

Recent Answers

Eric Garrison answered on March 9, 2015 15:04

Virgil - Thanks for the great answer. You are right. I think what will be best for my situation is to encourage the general users to use Facebook. Basically make the Facebook login button the primary registration element and hide the manual one. The reason we did not do before is that we need some additional information added to their User profiles. I think we can do that via code on their Logged in Homepage.

Manual processes will not work for our application and names will not either. We do have multiple "Jane Smiths" in the database already from different cities.

0 votesVote for this answer Mark as a Correct answer

Charles Matvchuk answered on March 9, 2015 15:39

The Facebook login has been a hot topic with us for some time. We actually have 100,000 user accounts and what we found is that about half, have a facebook page. Also a lot of user expressed their dismay when we pushed or required them to use their Facebook Login. Our solution is that we have everyone create a system login and if they want to attach their Facebook or other OAUTH account then we do that as an after effect. Through our user groups and testing there is a propensity for people to get away from Facebook and unifying logins.

Just our thoughts and processes.

0 votesVote for this answer Mark as a Correct answer

Eric Garrison answered on March 9, 2015 15:53

Charles, 50% is around our number also. I was not going to require them, just encourage with better positioning of the Facebook link. A user who is trying to login with their email address or a user name that they think is their user ID, but because it is facebook signup, they don't know that their id is: facebookid_829397. Then they do Reset Password. 10 minutes later, they hit live chat and say that something is broken. I am sure Charles has the same issue. The site does not have 100K logins yet, but I want to fix the problem before we do.

0 votesVote for this answer Mark as a Correct answer

   Please, sign in to be able to submit a new answer.