New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Question: How to use bell to link multiple providers to one saved user account? #134
Comments
Are you missing some information? Can you share how your are doing it? If you are only storing state in the cookie, then you could store the auth tokens depending on which strategy is used such as:
Or something similar? I have to guess, the state you have to keep in the cookie would get pretty big, so maybe offload that to some in-memory database if the cookie gets too big. |
I have the /login/{provider} routes setup like in the examples. On the main service I have:
So in any routes I have session as my strategy. But of course for the login routes I have twitter, google, etc. When I log: I guess the issue I see is that I can't share the data from request.auth (cookie) with the routes on login therefore not knowing if someone's already logged in. I could be doing this completely wrong though. |
I would have to put a gist together to show this but if you want to try for yourself, until I get to it, you basically have to combine the auth strategies together. There is no Hapi way to do it, but basically you create a new strategy which does the hapi-auth-cookie stuff, and then does the bell login. Like this, you have access to the things you need. On your other routes, you use the hapi-auth-cookie strategy like always. |
Oh and just in case your use case is simpler than I think it is. You can set up multiple strategies on a route. So you can set I think I am correct that you need to link multiple social accounts to one login but it may help some other people with the more common use case. |
@Icehunter the way I am handling it, is by checking
|
@ravisuhag There are lots of ways to handle long lived tokens. But in the end it's a simple call to exchange the short lived one for the long lived one. I like to do it in the background through some sort of queue. You can also do it when a user logs in/signs up, verify the token and after you've replied to the user, just go ahead and exchange the token if you don't have a long term one already. I store the long lived token in my database since I usually need to do stuff while the user is not interacting with the application. If you need access to it, I like using hapijs/yar for storing session data. |
Great, thanks. Seems like we have to have a differnt exchange strategy for each provider. I was thinking of writing a generic function for all the providers as in above comment. But I guess we can live with one helper for each provider to get long lived token. |
@ravisuhag Thanks for the response although I tried what you have and I never see hapi-auth-cookie in state. Or basic auth. I have one global handler function and buy the time it gets the request info the state and credentials have been overwritten with the new strategy used.
|
@Icehunter This is not a good idea anyway, why would you do that ? You should instead make sure it is not allowed in your app, for example by checking if the email address from the provider is already in your database, considering that you use the same email on all your providers accounts. |
This thread has been automatically locked due to inactivity. Please open a new issue for related bugs or questions following the new issue template instructions. |
Hi!
As the title says; once I login with one; how would I go about using bell to login with another but linking the two on the back end?
Between google/facebook/twitter I get different information. On the first one I save the user to the session with hapi-auth-cookie; however by the second time around (since I use bell for the auth strategy) it's gone at that time and not shared between routes.
Thanks!
The text was updated successfully, but these errors were encountered: