[NEW] Let user link other social accounts into the same account #8496

Closed
rafaelks opened this Issue Oct 15, 2017 · 5 comments


rafaelks commented Oct 15, 2017

Description:

We need to have a way to link all the social accounts available in the server into the user's account. This feature was requested by the KDE guys (@ruphy and @tomaluca95). Their need is basically to let the users that are already using RC log in using their own OAuth system.

Server Setup Information:

  • Version of Rocket.Chat Server: 0.59.0-rc.13
  • Operating System: Linux
  • Deployment Method(snap/docker/tar/etc): Hosting
  • Number of Running Instances: 20
  • DB Replicaset Oplog: Enabled
  • Node Version: v4.8.4

Steps to Reproduce:

  1. Have a server with Twitter, Google+, GitHub and some custom OAuth enabled;
  2. Create a user with email;
  3. Try to log in the user with Twitter;
  4. It will try to create a new account, instead of linking to the same user;

Expected behavior:

  • There should be a way to link my Twitter account into my user of RC;
  • It could be a link into the "My Profile" page on the web (and the apps);

Actual behavior:

  • You can't link any network account into your account;

Member

rafaelks commented Oct 15, 2017

@ruphy @sampaiodiego just mentioned to me that if your login accounts have the same email, they'll link. But we'll still need a way to link accounts without the emails being the same, or even without email.


Contributor

mrinaldhar commented Dec 4, 2017

From what I understand, if the emails being used are different, i.e. different email to sign up for Rocket.Chat and a different one that Twitter has, using this Twitter account in OAuth would require us to verify the email that is being used by the user's Twitter account. So basically, we get the email from Twitter OAuth, send a verification email to that address, and once verified, link that email to the user.

If I'm not wrong, this goes against the idea of OAuth a little bit, since the point of it was to allow users to log in to third-party services using their social account instead of their email, and now we're requiring them to check their email for a verification link. They'd rather just sign up with their email, right?


ruphy commented Dec 4, 2017

Hi, yes and no. This allows users who had already signed up with a legacy method to switch to OAuth-based providers, for example. Or to add a password in case they are getting rid of the ID provider account, for any reason...


Contributor

soundstorm commented Dec 21, 2017

Just changed my mail address to that used with the OAuth account, linked them and changed it back. Works but is not comfortable ;-)


Member

Hudell commented Jul 2, 2018

I'll close this in favor of #3187.

@Hudell Hudell closed this Jul 2, 2018
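
The two linking paths discussed in this thread (automatic linking on a matching email, and an explicit link started from "My Profile"), sketched as an added example that is not part of the original thread and is not Rocket.Chat code. All function and field names are hypothetical, and requiring a verified email on both sides before auto-linking is an assumption of this sketch.

```javascript
// Added example: in-memory model, not Rocket.Chat code; every name here is hypothetical.
const users = new Map();      // userId -> { id, email, emailVerified }
const identities = new Map(); // "provider:providerUserId" -> userId
let nextId = 1;
const normalize = (email) => (email ? email.trim().toLowerCase() : null);
const key = (profile) => `${profile.provider}:${profile.id}`;

function createUser(email, emailVerified) {
  const user = { id: nextId++, email: normalize(email), emailVerified };
  users.set(user.id, user);
  return user;
}

// Explicit link from "My Profile": the caller is already logged in as userId and
// profile comes from an OAuth flow that this same session started. No email is needed.
function linkIdentity(userId, profile) {
  const user = users.get(userId);
  if (!user) throw new Error('not authenticated');
  const owner = identities.get(key(profile));
  if (owner !== undefined && owner !== user.id) {
    throw new Error('identity already linked to another account');
  }
  identities.set(key(profile), user.id);
  return user;
}

// OAuth login with no existing session.
function loginWithOAuth(profile) {
  const owner = identities.get(key(profile));
  if (owner !== undefined) return { user: users.get(owner), action: 'login' };
  const email = normalize(profile.email);
  const match = email && [...users.values()].find((u) => u.email === email);
  if (match) {
    // Auto-link only when the provider and the local account both verified the address
    // (assumption of this sketch); otherwise the user must log in and link explicitly.
    if (profile.emailVerified && match.emailVerified) {
      return { user: linkIdentity(match.id, profile), action: 'linked-by-email' };
    }
    return { user: null, action: 'link-required' };
  }
  const user = createUser(email, Boolean(profile.emailVerified));
  linkIdentity(user.id, profile);
  return { user, action: 'created' };
}
```

The identity key is the provider plus the provider's own user id, so a link survives later email changes on either side.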
