Email account linked with social media

@mvandrei If the email signup and social profile are already merged, you can login with either method going forward. The current limitation is that you have signup with email first then merge with social.

Good point about requiring email address confirmation for socials. We recommend doing this with workflows currently but an official approach can definitely help.

1 Like

Hello Neerja.

There’s precisely a missing Scenario, which is the one I have been trying to explain on several messages :

Scenario 3:

  • User signs up on Bubble app using a social media account (say Facebook). Email address is stored in the database
  • user deletes his Facebook account. Email address is still stored on Bubble app
  • user tries to sign into Bubble app using a different social account (say Twitter), which shares the same email address as the one stored in Bubble app from Facebook login
  • user cannot login because Bubble app says the email address is in use. User has to create a new account and lose all the information from previous account.

Also, the scenario described by @mvandrei is great. A user may sign in with any account (be it regular email -validated- or social accounts) and if they share email address, they are merged.

@NigelG, I don’t think it’s a question of whether it can be done or not. Of course anything can be done, using Auth0 or whatever else. I believe it’s a matter of Bubble providing a standard functionality that makes sense to the user and provides a good user experience. Forcing a user to remember which social account he used to first sign in, or forcing the user to create a new account in Bubble because he deleted the social account he first used to sign up is definitely not a good user experience, in my opinion.

Kind regards.

2 Likes

Ok, agree that email address might not always be available on the social accounts (and in these situations, there’s nothing we can do about it), but if it is, and it’s the same, wouldn’t it make sense to merge the accounts, since we can safely assume the social accounts belong to the same user?

Also, if the user first used a social account (with an email address associated) to sign up, then deleted that social account, and then tried to sign back in to the Bubble app with the same email address (using a different social account), right now the user would not be able to sign in, unless the user used a social account with a different email address. This is a currently a problem with no solution as far as I know.

2 Likes

@miguel Thanks for confirming flow for scenario 3. The user in this case can click ‘forgot your password’, enter the email associated with their social and then click the reset link delivered to their email. This works in our testing but please submit a bug report if you are still running into issues in your use case.

1 Like

But Neerja, what if the user does not want to use regular email but only social accounts? In my case, I don’t want to keep passwords in my Bubble app so I will only accept social accounts.

1 Like

@miguel From a user-friendliness perspective, once an email account has been merged with a social profile, users can choose to use only social login going forward. From a security perspective, passwords are stored salted and encrypted in our database. While we cannot completely get rid off a password requirement at the moment, there are options for being social first in your app.

Hello @neerja, I think it’s possible to completely get rid of the password. Currently I can log in in my Bubble app for the first time with a social account, and it will automatically create a User (assigning the email address stored in the social account).

The problem is that now, if the user deletes that social account, he will not be able to log in again with any other social account sharing the same email address.

Hi @neerja, could you comment on my last post, please?

We don’t want to use passwords in our Bubble app, and I believe it’s totally feasible to do it right now.

Thanks in advance.

1 Like

@miguel your use case is certainly complex with multiple social accounts and login status. It’s possible ‘current user’ changes between those under some conditions. However, from a cart perspective, if a user is logged out with items in a cart saved to a custom state and then logs in with a social account to complete the purchase, you can create a new cart thing for the logged in user with current user’s cart items. If you are not seeing expected behavior here, please submit a bug report with reproducible steps so we can test and address those corner cases.

Hello @neerja

If you look at the scenario I painted, I never mentioned that the user had saved cart items in a custom state. What I said is that modification to the temporary User thing were lost as the user got a new User instance.

The scenario I tested is for an already registered user who is browsing the site anonymously (hasn’t logged in yet), then carries out actions which modify current temporary User, then tries to login with a social account different to the one used to sign up (nothing complex here, most people have multiple social accounts, and not always remember which one was used for which site), gets a ‘email exists’ error, then automatically gets a new temporary User, thus losing all the changes made to the previous temporary User.

Regards.

“However, from a cart perspective, if a user is logged out with items in a cart saved to a custom state and then logs in with a social account to complete the purchase”

:thinking: Looks same so far

Issue seems to arise with ‘email already exists’ error. If cart items are being deleted at this point, a bug report will be helpful with reproducible steps or others on this thread can suggest error-handling or workarounds.

Thanks a lot mvandrei and Miguel to share this problem with me. I was astonished to realize that this basic behavior problem was quasi ignored by the bubble team, while developing tons of other (great) features. If you guys find a solution let me know because I don’t see how a serious app can work without solving this pb of regular/different social logins merging…

4 Likes

Well, unfortunately it’s not quasi-ignored, but in fact fully ignored, because as far as I know they are not going to implement the social accounts merging at logging in.

@nicolas.bousson 2 social accounts are already merged if you authenticate into one while logged into other. Please submit a bug report if you’re seeing something different. We understand there are corner cases which might not be handled as well and a bug report will help our engineering team for that.

@neerja, I think we have explained the situation several times already. The problem is when a user, who is not logged in, tries to log in with a different social account to the one he had used before to sign up. The fact that you currently allow for two social accounts to be merged when the user is already logged in is irrelevant, as it does not solve the issue we have explained.

A user with several social accounts (the vast majority) will not always remember which social account he used to sign up. It is not a corner case, it happens very often.

You mentioned a few posts back that your engineers decided not to implement this due to security reasons. I think it would be great if Bubble let its customers decide what has security implications and what not, because what you might think is dangerous, it might not be for some of your customers. You could have a checkbox to allow social accounts auto-merging at login, instead of not enable it at all.

Regards.

3 Likes

Hi @neerja, thanks for your quick reply but the I could not answer better than miguel’s response below: the current merging (user already logged in trying to log again) is irrelevant in my use case (by the way, if a user is already logged in, I don’t see why asking him to login again, it can be avoided just with a “User is logged in” condition), and I also think the problem miguel and mvandrei and me have (described extensively and with great details many times on this page) is the majority of cases and the one that bubble team should address in priority. The solution suggested by miguel, allowing us to decide if we take the risk of having a social media account usurpation, would solve my problem.

Regards

2 Likes

You could use the Auth0 plugin and then add in a rule to Auth0 that does the merge based on email …

sure, let’s pay for yet another service, while bubble could offer it as native, for free (included in the price you pay to use bubble)

3 Likes

It’s free.

We use auth0 to manage several thousand social profiles for our users. Because they are experts in managing multiple social logins.

free only up to 7000 and 2 social identity providers