Some Concerns on User Account Data Pulling

[vw729]

According to a survey(http://www.emarketer.com/Article.aspx?R=1008226), social media login is very important for some types of web applications. I hope this project can move forward quickly.

[rajeevbhutani001]

Certainly different applications will have different security requirements and there's not a one-size-fits-all answer for deciding how to represent a user ID. This actually has little to do with social integration and more to do with the design decisions made when considering your application's security and how user IDs will be represented in your application.

As you pointed out, a user account with an email address as its ID is a bit more hackable. If that's a concern for you, then don't do that. Decide on credentials that are fitting to your application's security requirements.

Now, once those decisions have been made, you may choose the convenience of letting your user's create their account based on the information in their profile on some social network. In that case, Spring Social can help. But again, that's an optional convenience and even if you choose to use it, you may choose to use certain information in their profile and disregard other bits of information.

In any case, synchronizing accounts with social profiles is really only a single use-case in the bigger Spring Social story. The more exciting stories involve enhancing your user's experience with tweets from Twitter, knowing their friends on Facebook, enabling them to send tweets based on events in your application, alerting them to real-world events that coincide with their TripIt itineraries, etc, etc.

I'm agree with you.Very well said.

[habuma]

Have you had a look at Spring Social 1.0.0.M2 yet? It offers support for sign-in-with-Twitter and sign-in-with-Facebook. In short, it works like this:

- After signing into the Twitter/Facebook, if a local account can be found that's connected to the Twitter/Facebook account, then the user will be signed in automatically using their connection as their credentials.
- If no matching connection can be found the user will be sent to an application-defined registration page. After a successful registration, a call to ProviderSignInUtils.handleConnectPostSignUp() will create a connection between the newly created account and the Twitter/Facebook account.

You can read more about how it works in the reference documentation: http://static.springsource.org/sprin...ml/signin.html

Have a look and let us know if there's any way that it can be improved upon. For example, one improvement that I've already been asked about is to have the user's profile data readily available for the registration form to be prefilled.

[vw729]

Have you had a look at Spring Social 1.0.0.M2 yet? It offers support for sign-in-with-Twitter and sign-in-with-Facebook. In short, it works like this:

- After signing into the Twitter/Facebook, if a local account can be found that's connected to the Twitter/Facebook account, then the user will be signed in automatically using their connection as their credentials.
- If no matching connection can be found the user will be sent to an application-defined registration page. After a successful registration, a call to ProviderSignInUtils.handleConnectPostSignUp() will create a connection between the newly created account and the Twitter/Facebook account.

You can read more about how it works in the reference documentation: http://static.springsource.org/sprin...ml/signin.html

Have a look and let us know if there's any way that it can be improved upon. For example, one improvement that I've already been asked about is to have the user's profile data readily available for the registration form to be prefilled.

Thanks Craig for your information.

I am studying the M2 and the showcase sample these days. For our user account sign in/creation, I am going to have our FacebookSigninController class based on the M2's FacebookSigninController class so that the user will be redirected to a registration form with a portion of prefilled data, that is first name, last name, and email address, from the FacebookProfile if this user account doesn't exist in our system. We need to add a FB ID attribute to our user account entity so that we can identify FB users.

Our system would like to allow user login with multiple social media accounts. What is your suggestion on how to identify a user with accounts on multiple social media? Say one user already has his/her account with us through FB, now this user want to login through his/her Twitter account. How our system knows this user already has an account in our system? None of names, email address can be used as a user identifier.

I have a few other questions in regarding of the M2. I will post them as separated threads.