MonoX support board

Start the conversation, ask questions and share tips and solutions with fellow developers.

Non-registered users can only browse through our support boards. Please register now if you want to post your questions. It takes a second and it is completely free. Alternatively, you can log in without registration using your credentials at major sites such as Google, Microsoft Live, OpenId, Facebook, LinkedIn or Yahoo.

Multiple social identities issue  (Mono Support )

Viewed 13249 time(s), 5 post(s) 9/18/2012 11:45:32 AMby GeorgeBirbilis4
GeorgeBirbilis4

GeorgeBirbilis4

9/18/2012 11:45:32 AM
If social login provides back the e-mail address user has set up at the social site, then instead of creating multiple accounts as MonoX does I'd expect it to login to the users current account if any (account either 1st created from a sign-up to the site or from any social login that had provided that e-mail back to MonoX)

The social sites that you support for login ask for e-mail confirmation I hope before activating social login feature but beter check to be safe security wise (else hackers can set up a Facebook say account giving ones e-mail and without doing e-mail confirmation use it to log-in elsewhere with his id)
This content has not been rated yet. 
35 Reputation 6 Total posts
super

super

9/18/2012 1:41:20 PM
I agree...
This content has not been rated yet. 
6018 Reputation 709 Total posts
denis

denis

9/18/2012 2:16:05 PM
Although your request makes perfect sense, there are numerous problems with the implementation. Many social networks do not allow us to get the user's e-mail (or are providing proxy e-mail addresses), and in general it is very difficult to "deduplicate" user identities when using multiple social networks. In any case, we are switching from the Janrain's service to the internal implementation of the social login in the next update, and will support the feature you want for social networks that are returning the valid e-mail.

The security issue you describe is not valid, as you already have to be active on the Facebook and give approval before MonoX can use your data.
This content has not been rated yet. 
7207 Reputation 956 Total posts
GeorgeBirbilis5

GeorgeBirbilis5

9/18/2012 2:25:06 PM
Still not sure about the security issue not being valid. The thing is suppose I create an account on Facebook, does it instantly log me in, or wait till I do e-mail confirmation before I start making use of Facebook "services" (like the social sign-in at other sites)? I hope they have thought of it already (and other players in the field like Windows Live etc.), but better check first what they do to be safe


This content has not been rated yet. 
15 Reputation 5 Total posts
denis

denis

9/18/2012 2:33:43 PM
I think that you should go through the process to see how it works. You have to create an account on the Facebook (including the e-mail verificiation and everything else), and only after that you will be able to use the "Login via Facebook" feature, where you need to explicitly accept the MonoX request to use your FB account on our end. There is no way for a hacker to create a phony account or to use your email address. Does this answer your question?
This content has not been rated yet. 
7207 Reputation 956 Total posts