Forum Academy Marketplace Showcase Pricing Features

Email account linked with social media

I wanted to fix the same issue… I didn’t fix it but at least I enjoyed reading this thread, very entertaining! auth0 is the winner here

Is there some way to connect two user records, I think that would solve a lot of this.

Once logged in you need 2 buttons - “connect another social media account with the same email” which seems to work, and “connect another social media account with the same email” .

2nd one would then create a dummy user account with the second email, and a built-in workflow that changes the current user to the 1st account when logging in with the second…

Seems like this could be done any number of times for an account, and as long as it must be done from inside the 1st account, It doesn’t seem like it would then be a security risk

Found this thread because I thought the Google login plugin was broken.

Turns out it’s working as designed. Seems it’s just designed poorly.

@DavidS says that a users who first logs in with an email cannot then login to their account using an OAuth provider linked to that same email because of security.

This doesn’t make sense to me. Bubble does not provide a single OAuth plugin. There’s one for Google, one for Facebook, etc. So just because there are a couple of fringe OAuth providers who don’t require email confirms, Bubble decided to cripple the OAuth plugins for those that do (e.g. Google and Facebook).

There are a few OAuth providers that account for 99% of OAuth logins. They all require email confirmations.

So, unless I’m missing something, this design decision isn’t increasing security, it’s just forcing shitty UX on end users and requiring lots of extra work for Bubblers to design and implement workarounds that even after all that effort only result in a slightly less shitty UX.

Please make the Google and Facebook plugins log users in who have previously used an email/pass to login when they use an OAuth login with the same email.

2 Likes

To address this issue, I’m trying to show the user a more helpful message that tells them “you signed up with [user’s sign up method]. To login you must use the same method. Once logged in, on your Account page, you can enable additional methods.”

I have a “sign up method” field on the user that’s populated when they sign up. And I’m trying to locate that field by extracting (i.e. finding and replacing the non-email message text) the user’s email from the error message.

But the do a search for user by email is returning no results.

The email’s hidden in red below appear to match. And they match a user in the database.

I don’t think it’s a privacy issue as Sign Up Method is a field anyone can view (and I don’t think email would need to be publicly viewable but for testing I temporarily made it so).

Perhaps it’s due to the line break in the error message circled in green in the screenshot above?

This is how the error message can be edited and how it appears by default

I tried editing the error message to be blank hoping that’d make it only return the email but when this is blank it returns the default error message anyway.

Any ideas as to how to make a customized error message that tells the user how they signed up work?

1 Like

https://manual.bubble.io/help-guides/working-with-data/authenticating-users#traditional-and-social-logins

I know this post is a bit old but I just set that up successfully in my app.

I used the “When an unhandled error occurs” event to trigger showing up my customised error message (in my case, it’s a popup).
image

Then I added a custom state to my error message popup to store the email generating the error. I extracted the email this way:
image

After in my popup, I simply have a repeating group showing all the Authentification methods that users has (which is stored in the database like you described).

I made sure in my privacy rules that the the users could be found in searches and made the authentification method public.

UPDATE: The method I showed to extract the email didn’t work everytime (there is sometimes some text after the email). So I used this Regex code instead: ([\w-]+(.[\w-]+)@([a-z0-9-]+(.[a-z0-9-]+)?.[a-z]{2,6}|(\d{1,3}.){3}\d{1,3})(:\d{4})?) - found on this forum!
image

1 Like

Is it still the same stance that Bubble has?

I have got hundreds of users who signed up with us using Firebase that we were using earlier (Once they logged in I created their normal email/password account with fuid stored).

Now we just moved to native Oauth login of Bubble and hell has broken loose as these people can’t login to our system anymore!

We need a solution here. Leaving users stranded is not an option for us.

At least maybe have the user confirm his login by logging into his Bubble account by typing in email/password after they login via Oauth? I know other way round works where they login with email/password and then we can ask them to connect oauth, but that won’t work. Here I can set their passwords to something simple and they can login. But first action from them should be google login only.

Also I don’t understand this stance. When you are ready to trust the oauth provider for identity of the person, why don’t you trust them with email ID? We can trust them for user’s name, phone, photo and other things but not email!

A shame Bubble still hasn’t fixed this.