In our system, users can have multiple email addresses and designate them as primary. They can log in with their primary email address and password.
We are looking at adding Facebook login.
My question is:
When an fb user “signs up” and we see that the email address for this fb user matches the email address of a user in our internal user database, is it safe to continue and “merge” these accounts so that the fb user can see the data for the internal user? Or is it better to give the user some hints that he/she can link their accounts and then direct them through the authentication process for the internal account before merging?
The question also applies to the opposite case, when a person first signed up with us using Facebook but now creates an account using his email address, which corresponds to the email of one of our Facebook users. Should we go ahead and automatically combine the users, or go through the auth process?
I think I'm unclear about the oddities that can occur between the emails we manage and the ones that Facebook manages, and I'm worried about what the result might be if one of these oddities hoses some accounts.
Any ideas appreciated.
authentication login oauth facebook-graph-api
A2345sooted
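The second option raised in the question (treat an email match only as a hint, and link accounts only after the user has authenticated to the existing one), sketched for both directions as an added example that is not code from the post. The `User` model, the function names, the returned action strings and the sample data are all hypothetical, and the code assumes the Facebook profile may arrive without an email.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class User:
    uid: int
    emails: set                          # every address on the account, lower-cased
    password_hash: Optional[str] = None  # None: account was created via Facebook only
    facebook_id: Optional[str] = None

def find_by_email(users, email):
    e = email.strip().lower()
    return next((u for u in users if e in u.emails), None)

def on_facebook_login(users, fb_id, fb_email):
    """Decide the next step when Facebook returns (fb_id, fb_email)."""
    linked = next((u for u in users if u.facebook_id == fb_id), None)
    if linked:                           # identity is keyed on fb_id, never on email
        return ("login", linked.uid)
    match = find_by_email(users, fb_email) if fb_email else None
    if match:                            # collision: hint at linking, do not merge yet
        return ("require_password_then_link", match.uid)
    return ("create_account", None)

def on_email_signup(users, email):
    """Opposite case: email signup that collides with a Facebook-created user."""
    match = find_by_email(users, email)
    if match and match.facebook_id and match.password_hash is None:
        return ("require_facebook_then_set_password", match.uid)
    if match:
        return ("email_taken", match.uid)
    return ("create_account", None)

def confirm_link(users, uid, fb_id, authenticated_uid):
    """Attach fb_id only when the session has authenticated as that same user."""
    user = next((u for u in users if u.uid == uid), None)
    if user is None or authenticated_uid != uid:
        return False
    if user.facebook_id not in (None, fb_id):   # already linked to another fb account
        return False
    user.facebook_id = fb_id
    return True

# Constructed sample data, not taken from any real system.
USERS = [
    User(1, {"alice@example.com", "a.smith@example.org"}, password_hash="x"),
    User(2, {"bob@example.com"}, facebook_id="fb-200"),
]
```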