I am facing a pretty big issue that I underestimated, and now that I am getting close to launching the project, it brutally faced me.
Thinking that I might not be the only one, we need to link social media accounts automatically with email address.
For example: I signup using my email address. So that’s a bubble account right? Then I need to LOGIN with facebook (or google). When I try to do so, I get an error that the email address is already in use.
This shouldn’t happen. It should link it, link the social media with bubble account since they share the same email address.
Can this be a quick fix please?
if i understand correctly you want to make use of login in with X like Google etc. rather than have your users manually typing email and password each time?
You need to sign them up with Google or Facebook and then they can use that again t login.
Forget the separate sign up. it’s more signup/login with X.
I want to offer both: email registration and social login. And if the account was already made via email registration, upon social media login, shall the email address used on the social media account be the same as the email registration, should be merged/linked together, and allow a simple login instead of error of email already being registered.
@NigelG had a thread about this, I believe. It should just work, if someone is already logged in and then they authenticate with the social login, it should merge the accounts. I can’t find the thread from my phone, but I remember doing this myself when I set it up. I believe the trick is the user had to already be logged in by email before adding the social.
Hey!
Thanks for the shared document. But @mvandrei configured that before.
The thing is, that if we create a user, using Sign up action in workflow section, the user will not be able to Sign in via his social network account which has the same email address.
For instance,
A user with email robert@handsome.com has been signed up on the Bubble app using his email and password.
That user decided to skip an optional step which should tie his Google account to the current one. So, he skipped the step and accounts weren’t tied.
He left the app. After a while he decided to come back for getting some articles. He noticed, that he doesn’t remember the password of the account. So, he cannot sign in.
He wants to sign in using a button Sign in via Google, because his Google account has the same email address which he used for creating the account.
In this case, he will be alerted, that the user with robert@handsome.com is already in use.
By logic, that user is the owner of the email robert@handsome.com which is used on both sides. In this case, the system should allow the user to sign in as the created user, even if the user didn’t tie his Google account before.
Basically, 2 or more persons cannot own the same email address. So, it isn’t dangerous.
BTW, a lot of platforms allow that. It would be great if Bubble will also allow this.
I totally agree with @lottemint.md here. If the user has already signed up with a social media account, and some time later he tries to sign up with a different social media account, if both social media accounts share the same email address, then it’s safe to assume that the user is the same and Bubble should sign him in instead of showing the current error ‘This email is already in use’.
I believe it’s bad user experience what is happening now…
What would happen if a user had signed up using say Facebook, an some time later he deleted his Facebook account, how would that user be able to sign back in?
If he uses a different social network to sign in, he won’t not be able to sign in as the email address will exist already. So effectively, this user would have to create a new account with a different email address, right?
Our engineering team reviewed this request and don’t believe it’s a good idea to auto-merge profiles if you first login with Facebook then try to signup with a regular login. This can be a security issue if someone guesses an email, adds a password and then gains control of an account.
But you can check the email address used by the social media account. Like when you login with facebook it can ask to check/see your email address and register that too.
Then, if you want to login via G+ or using gmail (in this scenario the facebook’s account is gmail), it will allow you and load your profile. So you can login with either: email, fb, g+
L.E. You’d also have to confirm that email address… so there is no security risk involved.
But what about if the users signs in the second time with a different social account, and not with the regular address? If this new social account authenticates the user, and the email address already exists in the database, merging accounts would not pose any security risk whatsoever. Why would this pose a risk?
Regarding the user trying to sign in with a regular account, I could agree with you that there would be a security risk if the website did not validate the email address by sending an actual email to that email address.
But I repeat, I don’t think there’s any security risk if the user tries to sign in using a different social account.
Finally, how do you suggest then we can solve the issue I described on a previous post, where a user had signed up initially with a social account (say Facebook), then he deleted his Facebook account, and then tried to sign in again to the website (using a different social account with the same email address, or regular email authentication)? Because right now this is an unsolved issue.
@miguel Just want to make sure we understand the user flow for your multiple scenarios.
Scenario 1
User signs up through regular login
While logged in, user authenticates with social 1 merging profiles
While logged in, user authenticates with social 2 merging profiles -> Does this step give you an error? If it does, this is a bug.
Scenario 2
User authenticates with social
User deletes social but that account is still retained on a Bubble app -> this step will not necessarily save social’s email to Bubble app. If the email is not saved to database and user tries to signup now with that email, the signup will be successful as a separate account
User tries to signup with that deleted social’s email but gets an error -> What error do you see?
Yes and no. I mean, if you signup via social media you can have access to what email address that social media uses, right? And later, if the users wants to signup using the same email address, then it validates the email address previously used with that social media. If it’s a different one, it can link it with social media account. For example:
I want to signup via email. email@provider.tld. Later, I want to skip the email and password step and just tap on facebook social media login option. I am using the same email address on that social media account (email@provider.tld) as I did via direct email authentication. Since it’s mine, I can merge the two of them, under one account. From now on, if I login via email or social media, I will end up on the same account.
And please make email address confirmation mandatory on bubble.If a user has bad intentions, it will signup using temp email that can be banned, or create fake ones, under custom domain names and tlds… But this will help on social media MERGING with email address under a single account.
in this case, we will require the user to (manually) associate an email address with that social media account.
It’s good as a backup plan too, in case something happens to the social media account.