将网站用户帐户与 Facebook 帐户绑定的最佳工作流程
我需要将 facebook-connect 实现到用户可能已经拥有内部帐户的网站。如果内部帐户不存在,则应根据 Facebook 凭据创建它。此外,应该可以将现有帐户链接到 Facebook 帐户。技术实现对我来说很清楚,但我更感兴趣的是实用、最佳且易于理解的用户活动工作流程。
1)我最初的想法是有一个带有用户和密码字段以及两个按钮的登录表单:“与facebook连接”和“登录”。如果按下“登录”,则内部帐户正常登录。如果按下“与facebook连接”,则用户连接到facebook,然后根据用户和密码的状态,我可以检索内部用户并绑定它与 facebook 用户,或创建一个新的内部用户并将其绑定到 facebook 用户,或检索绑定到 facebook 用户的内部用户。然而,我在工作流程中发现了一些问题。如果输入的用户名和密码与 Facebook 帐户绑定的用户名和密码不同,该怎么办?
我将尝试用伪代码来说明问题:
if "login" is pressed:
internal_user = authenticate(username, password)
if "connect to facebook" is pressed:
facebook_user = get_facebook_user()
if username and password are filled in:
internal_user = authenticate(username, password)
if facebook_user has no internal_user:
facebook_user.bind_internal_user(internal_user)
else:
# conflict! what to do with it?
# facebook_user.get_internal_user() != internal_user
else:
if facebook_user has internal_user:
internal_user = facebook_user.get_internal_user()
else:
internal_user = facebook_user.create_internal_user()
internal_user.login()
用户也可能会感到困惑,询问自己是否需要输入 facebook 用户名和密码或网站的用户名和密码。
2) 另一种选择可能是将登录表单、连接到 facebook 和注册表单作为三个不同的选项,其中连接到 facebook 将获取或创建一个内部帐户;然后是单独的可选表单,供登录用户绑定其 Facebook 帐户。但话又说回来,还有可能创建一个重复的内部帐户。
处理这个问题的最佳做法是什么?其他网站主要使用什么?
I need to implement facebook-connect to a website where users already might have their internal accounts. If internal account doesn't exist, it should be created from facebook credentials. Also it should be possible to link an existing account to facebook account. The technical implementation is clear to me, but I am more interested about a practical, optimal, and understandable user activity workflow.
1) My initial idea was to have a login form with user and password fields and two buttons: "connect with facebook" and "login". If "login" is pressed, the internal account is normally logged in. If "connect with facebook" is pressed, the user is connected to facebook and then depending on the state of user and password, I could retrieve the internal user and bind it with facebook user, or create a new internal user and bind it to facebook user, or retrieve the internal user that is binded to the facebook user. However, there I see some gotchas in the workflow. What if the user and password entered are of a different internal user than the one that is binded to the facebook account?
I will try to illustrate the problem in pseudocode:
if "login" is pressed:
internal_user = authenticate(username, password)
if "connect to facebook" is pressed:
facebook_user = get_facebook_user()
if username and password are filled in:
internal_user = authenticate(username, password)
if facebook_user has no internal_user:
facebook_user.bind_internal_user(internal_user)
else:
# conflict! what to do with it?
# facebook_user.get_internal_user() != internal_user
else:
if facebook_user has internal_user:
internal_user = facebook_user.get_internal_user()
else:
internal_user = facebook_user.create_internal_user()
internal_user.login()
Also users might get confused asking themselves if they need to enter facebook username and password or the username and password of the website.
2) Another option could be to have a login form, connect to facebook, and registration form as three different options, where connect to facebook would either get or create an internal account; and then a separate optional form for logged-in users to bind their facebook accounts. But then again there would be possibilites left to create a duplicate internal account.
What are the best practices to deal with that? What are the other websites using mostly?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
登录表单:(
两个互斥的部分“非此即彼”,如果您使用facebook,则无需填写登录表单)
一旦用户与FB连接并且您没有该uid的关联用户帐户,那么您弹出另一种形式:
在这一步之后你应该被覆盖 - 无论他们选择哪种方式结果应该是相同的。
通常,您在登录期间不会提示 Facebook 连接用户输入密码,他们只是使用 Facebook 连接按钮,因此随机生成的密码就可以了。如果您想创建可以在没有 Facebook 的情况下使用的完整帐户,那么您会提示输入密码(但仍然不要使用它来登录 Facebook)。
Login form:
(two mutually exclusive sections "either or", you don't need to fill out the login form if you use facebook)
Once a user is connected with FB and you don't have associated user account for this uid then you popup another form:
After this step you should be covered - no matter which way they chose the result should be the same.
Usually you don't prompt for password for facebook connected users during login, they just use facebook connect button, so randomly generated password would do. If you want to create full scale account that could be used without facebook then you prompt for a password (but still don't use it for facebook login).
FBConnect 应该忽略您的用户名/密码,在您的数据库中,您需要存储将从 fb 连接登录返回的 fb 令牌。如果用户成功登录,您将被重定向到您选择的页面,您可以在其中获取该 fb 令牌并将其与数据库进行比较并忽略用户名/密码。当fb弹出自己的登录窗口时,他们在表单上填写的用户名/密码将被忽略。
我希望这能回答你的问题。
FBConnect should ignore your username/pass, in your database you need to store the fb tokens which will be returned from a fb connect login. If the user successfully logs in you will be redirected to a page of your choosing where you can take that fb token and compare it to the database and ignore the username/password. The username/password they filled in on the form will be ignored when fb pops up its own login window.
I hope that answers your question.