I have to implement social logins. I played with the StackExchange login system and was wondering why Stack Overflow automatically merges the user's FB account with the SO account by email, without further confirmation.
Until the user merges these accounts from the SO account, there should be no reason to trust the Facebook account.
Is there another security mechanism that protects the user's SO account that I have not taken into consideration and can implement for my page? (If the user doesn't want to trust FB, I don't see a disable option.)
Is security traded for simplicity because it is only a wiki page?
Additional info:
Facebook best practice merging:
https://developers.facebook.com/docs/facebook-login/multiple-providers#associating
If I log in with my Facebook account from a different IP, my original account ID changes. My badge date is now wrong.
My old SO ID was: 3754434. New ID is: 4780688
If someone steals a Facebook account, he can therefore destroy all RSS feed links and all other external links pointing to a user ID. It is not possible to track a user because names are not unique and users are able to change the ID.
Because my Facebook user changed my profile data, I am not allowed to change my display name back for 30 days...
My question is why the SO merging pattern works. Do I understand it right? Is it a good practice to apply on a small project? (With no important user data, almost all public topics.)
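The linking policy the question argues for, as an added example that is not part of the original post and is not StackExchange's or Facebook's code: a provider identity is attached only from inside an already authenticated local session, an email match alone never merges accounts, and the local user id stays stable across logins. `AccountStore`, `handle_social_login`, the action names and the sample accounts are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field
from itertools import count

@dataclass
class Account:
    user_id: int
    email: str
    identities: set = field(default_factory=set)  # {(provider, subject)}

class AccountStore:
    """In-memory stand-in for the user table (hypothetical)."""
    def __init__(self):
        self._ids = count(1)
        self.accounts = {}

    def create(self, email):
        acct = Account(next(self._ids), email.strip().lower())
        self.accounts[acct.user_id] = acct
        return acct

    def by_identity(self, provider, subject):
        return next((a for a in self.accounts.values()
                     if (provider, subject) in a.identities), None)

    def by_email(self, email):
        email = email.strip().lower()
        return next((a for a in self.accounts.values() if a.email == email), None)

def handle_social_login(store, provider, subject, email, session_user_id=None):
    """Return (action, user_id) for a provider callback.

    subject is the provider's stable user id; email is what the provider reports.
    session_user_id is set only when the browser already holds a local session.
    """
    known = store.by_identity(provider, subject)
    if known:
        if session_user_id not in (None, known.user_id):
            return ("conflict", None)           # identity already belongs to another account
        return ("login", known.user_id)         # linked earlier: same stable local id
    if session_user_id is not None:             # user-initiated link from inside the account
        store.accounts[session_user_id].identities.add((provider, subject))
        return ("linked", session_user_id)
    if store.by_email(email):                   # email match alone is not proof of ownership
        return ("confirm_required", None)
    acct = store.create(email)                  # no collision: fresh account
    acct.identities.add((provider, subject))
    return ("created", acct.user_id)
```

On `confirm_required` the application would ask the user to sign in to the existing account first and then repeat the link step from there.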