Why do different third-party login services like Facebook, GitHub and Google generate different users for the same user?

Hi,

Why do different third-party login services like Facebook, GitHub and Google generate different users for the same user?
How can I avoid that? Users with the same email should use the same account.

Thanks

just a thought. wouldn’t that pose a security threat?

so let’s say you have an account with the email address ab@cd.com
you probably have a facebook and a google account but no github account. all i have to do to hijack your account is to create a github account using ab@cd.com, then use that github account to access the meteor app and i can successfully sign in to your account.

I think github and facebook verify that you actually have access to the email with the standard verification process.

there are a couple of different user merging plugins available.

Do a google for “merge meteor accounts” - you’ll find a whole bunch.

2 Likes

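Hi, I had this same situation too. In my case, I needed to change user creation:

// Runs on the server each time a new user document is about to be inserted.
Accounts.onCreateUser( function (options, user) {
  user.profile = options.profile;
  if (user.profile == null) {
    user.profile = {};
  }
  if (user.services != null) {
    // A newly created OAuth user carries a single service entry.
    var service = _.keys(user.services)[0];
    var email = user.services[service].email;
    if (email != null) {
      // Look for an existing account registered with the same address.
      var oldUser = Meteor.users.findOne({
        "emails.address": email
      });
      if (oldUser != null) {
        if (oldUser.services == null) {
          oldUser.services = {};
        }
        if (service === "google" || service === "facebook" || service === "twitter") {
          // Attach the new service to the existing account. The old document
          // is removed so that returning it re-inserts it under the same _id.
          // The match is on the email string only; no verified flag is checked.
          oldUser.services[service] = user.services[service];
          Meteor.users.remove(oldUser._id);
          user = oldUser;
        }
      } else {
        if (service === "google" || service === "facebook" || service === "twitter") {
          if (user.services[service].email != null) {
            // No existing account: store the provider email as unverified
            // and add a placeholder password entry.
            user.emails = [{
              address: user.services[service].email,
              verified: false
            }];
            user.services["password"] = {bcrypt: "xxxxx"};
          } else {
            // Not reached here: email was already checked non-null above.
            throw new Meteor.Error(500, service + " account has no email attached");
          }
          user.profile.name = user.services[service].name;
        }
      }
    }
  }
  return user;
});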
1 Like

Thanks for the code.
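
The concern raised earlier in the thread, that a matching email string alone does not prove ownership, can be checked before any merge. The following is an added example, not code from the thread or from Meteor: a pure function that decides whether an OAuth login may be linked to an existing account. The per-provider field names (`verified_email`, `emails[].verified`) and the names `decideAccountLink` and `findUserByEmail` are assumptions; confirm the fields against what your OAuth packages store under `user.services`.

```javascript
// Added example. Each extractor returns the provider's email only when the
// provider marks it verified. Field names are assumptions to confirm against
// the data your OAuth packages store under user.services.
const VERIFIED_EMAIL = new Map([
  ["google", (s) => (s.verified_email === true && s.email ? s.email : null)],
  ["github", (s) => {
    const hit = (s.emails || []).find((e) => e.primary && e.verified === true);
    return hit ? hit.email : null;
  }],
  // Providers without an entry (facebook, twitter here) are never auto-linked.
]);

const normalize = (email) => String(email).trim().toLowerCase();

// findUserByEmail is a hypothetical lookup: normalized address in,
// { _id, emails: [{ address, verified }] } or undefined out.
function decideAccountLink(serviceName, serviceData, findUserByEmail) {
  const extract = VERIFIED_EMAIL.get(serviceName);
  const email = extract ? extract(serviceData || {}) : null;
  if (!email) return { action: "create", reason: "provider email not verified" };

  const existing = findUserByEmail(normalize(email));
  if (!existing) return { action: "create", reason: "no existing account" };

  // Require the local address to be verified too, so linking never rests on
  // an unproven claim from either side.
  const local = (existing.emails || []).find(
    (e) => normalize(e.address) === normalize(email)
  );
  if (!local || local.verified !== true) {
    return { action: "create", reason: "local email not verified" };
  }
  return { action: "link", userId: existing._id, reason: "verified on both sides" };
}

// Constructed sample data for a stand-alone run.
const sampleUsers = [
  { _id: "u1", emails: [{ address: "ab@cd.com", verified: true }] },
  { _id: "u2", emails: [{ address: "ef@gh.com", verified: false }] },
];
const lookup = (addr) =>
  sampleUsers.find((u) => u.emails.some((e) => normalize(e.address) === addr));

console.log(decideAccountLink("google", { email: "AB@cd.com", verified_email: true }, lookup));
console.log(decideAccountLink("facebook", { email: "ab@cd.com" }, lookup));
```

In a Meteor app this decision would be taken inside the `Accounts.onCreateUser` hook shown in the thread, merging only when `action` is `link`.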