Why different third party login services like facebook, github, google generates different user for the same user?


#1

Hi,

Why different third party login services like facebook, github, google generates different user for the same user?
How can I avoid that, user with the same email should use the same account.

Thanks


#2

just a thought. wouldn’t that impose a security threat?

so let’s say you have an account with the email address ab@cd.com
you probably have a facebook and a google acocunt but no github account. all i have to do to hijack your account, is to create a github account using ab@cd.com, then use that github account to access the meteor app and i can successfully sign in into into your account.


#3

I think github and facebook verify that you actually have access to the email with the standard verification process.


#4

there are a couple of different user merging plugins available.

Do a google for “merge meteor accounts” - you’ll find a whole bunch.


#5

Hi, i had this same situation too. And in my case, I need to change creation user:

Accounts.onCreateUser( function (options, user) {
  user.profile = options.profile;
  if (user.profile == null) {
    user.profile = {};
  }
  if (user.services != null) {
    var service = _.keys(user.services)[0];
    var email = user.services[service].email;
    if (email != null) {
      var oldUser = Meteor.users.findOne({
        "emails.address": email
      });
      if (oldUser != null) {
        if (oldUser.services == null) {
          oldUser.services = {};
        }
        if (service === "google" || service === "facebook" || service === "twitter") {
          oldUser.services[service] = user.services[service];
          Meteor.users.remove(oldUser._id);
          user = oldUser;
        }
      } else {
        if (service === "google" || service === "facebook" || service === "twitter") {
          if (user.services[service].email != null) {
            user.emails = [{
              address: user.services[service].email,
              verified: false
            }];
            user.services["password"] = {bcrypt: "xxxxx"};
          } else {
            throw new Meteor.Error(500, service + " account has no email attached");
          }
          user.profile.name = user.services[service].name;
        }
      }
    }
  }
  return user;
});

#6

Thanks for the code.