Unique Oauth connections for users #44
Comments
If you are using a SQL datastore, you can set a unique constraint on |
This should be handled by this code: https://github.com/mattupstate/flask-social/blob/develop/flask_social/views.py#L123-L134 And tested with this code: https://github.com/mattupstate/flask-social/blob/develop/tests/functional_tests.py#L107-L120 |
@mattupstate I am not sure if the code you linked to is related to what I was talking about, as that code seems to handle connections. Not registrations, which is what I was trying to prevent. Then again, I don't know the innards of the code so maybe I am wrong. I think what @eriktaubeneck said was what I was thinking. I added:
but it didn't seem to do much. However, I was using sqlite and not MySQL (which I am now). I'll check this out again and see if it works. If so, I'll submit a PR for a documentation update. |
Adding a unique constraint on those columns helps, as instead of letting the same OAuth account be connected to two different accounts, I now get an error from Flask when doing so (with some numbers replacing my ID):
The lines from the trace back that seem most useful are:
I am a bit of a newbie at Flask. Is there a way to catch this Exception at the app level, or would we need to add error handling in Flask-Security? |
Not all users will want this to be unique (and the error will depend on which sort of Connection you are using) so it should be handled in your app. Just put the operation that raises the error in a |
Sorry for not getting back to this. I understand what you are saying, but when you say "Just put the operation that raises the error in a try/except block," ... the code that does this is in Flask-Social itself. So I do not think we want to change the module based on what you said. So my question is, can this be caught at the app level and if so, how? |
If your application is set up similar to the Flask-Social-Example, then when in the view where the user is created, the
that should take care of the issue. |
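The approach discussed in this thread (a database unique constraint plus an application-level try/except), as an added example that is not part of the thread or of Flask-Social's code. It uses the standard-library `sqlite3` module instead of Flask and an ORM, and the table, column and function names are assumptions chosen for illustration.

```python
import sqlite3

# Assumed schema: names are illustrative, not taken from the thread.
# The UNIQUE constraint lets one OAuth identity appear only once, while a
# user may still hold several identities from the same provider.
SCHEMA = """
CREATE TABLE connection (
    id INTEGER PRIMARY KEY,
    user_id INTEGER NOT NULL,
    provider_id TEXT NOT NULL,
    provider_user_id TEXT NOT NULL,
    UNIQUE (provider_id, provider_user_id)
);
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def connect_account(db, user_id, provider_id, provider_user_id):
    """Link an OAuth identity to a local user.

    Returns (True, None) on success, or (False, message) when the insert
    violates a constraint, i.e. the identity is already linked. Relying on
    the constraint instead of a SELECT-then-INSERT check avoids a race
    between two concurrent requests.
    """
    try:
        with db:  # commits on success, rolls back if the INSERT raises
            db.execute(
                "INSERT INTO connection (user_id, provider_id, provider_user_id)"
                " VALUES (?, ?, ?)",
                (user_id, provider_id, provider_user_id),
            )
        return True, None
    except sqlite3.IntegrityError:
        return False, "This %s account is already connected." % provider_id

def owner_of(db, provider_id, provider_user_id):
    row = db.execute(
        "SELECT user_id FROM connection"
        " WHERE provider_id = ? AND provider_user_id = ?",
        (provider_id, provider_user_id),
    ).fetchone()
    return row[0] if row else None
```

In a Flask view the `(False, message)` result would typically be turned into a flashed message and a redirect; the exception class to catch depends on the datastore in use.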
Is there a way to ensure that users who register or connect with an Oauth account are not using this Oauth'ed account more than once across the system? In other words, can we prevent users from connecting or using their Twitter account on multiple accounts on our site? I tried googling and searching the docs, to no avail. I assume this would be a good feature for most sites.