Forum Academy Marketplace Showcase Pricing Features

Email account linked with social media

Hello @neerja, I think it’s possible to completely get rid of the password. Currently I can log in in my Bubble app for the first time with a social account, and it will automatically create a User (assigning the email address stored in the social account).

The problem is that now, if the user deletes that social account, he will not be able to log in again with any other social account sharing the same email address.

Hi @neerja, could you comment on my last post, please?

We don’t want to use passwords in our Bubble app, and I believe it’s totally feasible to do it right now.

Thanks in advance.

1 Like

@miguel your use case is certainly complex with multiple social accounts and login status. It’s possible ‘current user’ changes between those under some conditions. However, from a cart perspective, if a user is logged out with items in a cart saved to a custom state and then logs in with a social account to complete the purchase, you can create a new cart thing for the logged in user with current user’s cart items. If you are not seeing expected behavior here, please submit a bug report with reproducible steps so we can test and address those corner cases.

Hello @neerja

If you look at the scenario I painted, I never mentioned that the user had saved cart items in a custom state. What I said is that modification to the temporary User thing were lost as the user got a new User instance.

The scenario I tested is for an already registered user who is browsing the site anonymously (hasn’t logged in yet), then carries out actions which modify current temporary User, then tries to login with a social account different to the one used to sign up (nothing complex here, most people have multiple social accounts, and not always remember which one was used for which site), gets a ‘email exists’ error, then automatically gets a new temporary User, thus losing all the changes made to the previous temporary User.

Regards.

“However, from a cart perspective, if a user is logged out with items in a cart saved to a custom state and then logs in with a social account to complete the purchase”

:thinking: Looks same so far

Issue seems to arise with ‘email already exists’ error. If cart items are being deleted at this point, a bug report will be helpful with reproducible steps or others on this thread can suggest error-handling or workarounds.

Thanks a lot mvandrei and Miguel to share this problem with me. I was astonished to realize that this basic behavior problem was quasi ignored by the bubble team, while developing tons of other (great) features. If you guys find a solution let me know because I don’t see how a serious app can work without solving this pb of regular/different social logins merging…

4 Likes

Well, unfortunately it’s not quasi-ignored, but in fact fully ignored, because as far as I know they are not going to implement the social accounts merging at logging in.

@nicolas.bousson 2 social accounts are already merged if you authenticate into one while logged into other. Please submit a bug report if you’re seeing something different. We understand there are corner cases which might not be handled as well and a bug report will help our engineering team for that.

@neerja, I think we have explained the situation several times already. The problem is when a user, who is not logged in, tries to log in with a different social account to the one he had used before to sign up. The fact that you currently allow for two social accounts to be merged when the user is already logged in is irrelevant, as it does not solve the issue we have explained.

A user with several social accounts (the vast majority) will not always remember which social account he used to sign up. It is not a corner case, it happens very often.

You mentioned a few posts back that your engineers decided not to implement this due to security reasons. I think it would be great if Bubble let its customers decide what has security implications and what not, because what you might think is dangerous, it might not be for some of your customers. You could have a checkbox to allow social accounts auto-merging at login, instead of not enable it at all.

Regards.

3 Likes

Hi @neerja, thanks for your quick reply but the I could not answer better than miguel’s response below: the current merging (user already logged in trying to log again) is irrelevant in my use case (by the way, if a user is already logged in, I don’t see why asking him to login again, it can be avoided just with a “User is logged in” condition), and I also think the problem miguel and mvandrei and me have (described extensively and with great details many times on this page) is the majority of cases and the one that bubble team should address in priority. The solution suggested by miguel, allowing us to decide if we take the risk of having a social media account usurpation, would solve my problem.

Regards

2 Likes

You could use the Auth0 plugin and then add in a rule to Auth0 that does the merge based on email …

sure, let’s pay for yet another service, while bubble could offer it as native, for free (included in the price you pay to use bubble)

3 Likes

It’s free.

We use auth0 to manage several thousand social profiles for our users. Because they are experts in managing multiple social logins.

free only up to 7000 and 2 social identity providers

I have a free one with > 2 IdPs :confused:

Hello @neerja.

Could you guys please allow the option to auto-merge social accounts? it could be a checkbox so whoever doesn’t want the auto-merging, he could opt-out.

Again, auto-merging does not pose a security issue (because if you have managed to signin with that social account, and that account shares the same email address as a different social account, that means both social accounts are yours). And most of the people I know don’t normally remember which social account they used to login to most websites.

But also, you should let owners of the website decide what they want to do, instead of forcing them to not have auto-merging.

Thanks.

1 Like

Hey ya’ll just encountered this issue on my app, this is a bit of a problem as accounts are being duplicated and data is all over the place between different user accounts.

We must be able to link different social accounts under 1 email address, this is normal behavior I’ve encountered with every product I’ve personally used.

Can you please provide an update on where this stands please @Bubble? Or if it’s something we should resolve on our end?

Thank you! :pray:

3 Likes

Get them to sign up with one email address.

Then connect to the various social accounts “manually” without using the Bubble social signup.

Or use Auth0 to help.

2 Likes

We need a little more information, so can you fill the Bug Report here with reproducible steps? We’ll take a look and get back shortly.

Hi, I will just try to add some more info about my scenario which triggers the same issue:

When I manually create a user and later this user tries to log in with Google OAuth, the error “this email is already in use” is shown.

  • My app requires users to log in only via Google OAuth

  • My app requires the users to be added manually before first login.

Hope this scenario simplifies understanding.

2 Likes