6
votes

I am working with the web services for an iOS and Android app and need to develop a service for login with social media.

The app needs to support login with Twitter, Facebook, LinkedIn, and Google Plus.

As parameters, I am accepting userid from social site and the site from which this id originated and the basic user info like firstname, lastname, and email.

Below is the structure of relevant tables for this

  1. user table

    userid | email | deviceid | firstname | lastname | password

userid being primary and email is unique

  2. user social media table

    userid | site | token

When I get this information from the frontend, I first check if social user id is already there. If social id doesn't match then I check if email exists in db or not. If email is not in the db, then I register the new user.

Now the main issue is that the Twitter SDK for Android and iOS does not return the email, and even Facebook does not return the email if the user is registered by phone. Because of this I am having a problem uniquely identifying the user on my end. I have searched a lot but can't come up with any solution for this.

Please correct me if I am wrong anywhere in my approach and suggest how I can handle the email issue.

3
@usumoio frontend guys are sending userid directly so I don't need to use OAuth at my end. Anyways, what will you suggest? - alwaysLearn
Dang, that was just a shot in the dark. Do the SDK docs mention anything about including additional parameters like email via additional modifiers? - usumoio
You should use the user id those external services return to identify users in your system. - CBroe
Then tell your users that to connect those two different accounts, they should log in to your site with one first, and then connect to the other – so that you know they belong to the same user. - CBroe
No, there is little else that would allow you to uniquely identify any user across social networks. And even if you get an email address, they might have used different ones to sign up for different networks. - CBroe
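
The lookup flow from the question, keyed on the provider's user id and with explicit account linking as the comments suggest, as an added example that is not part of the original posts. It assumes an in-memory SQLite database, a column named `socialid` for the provider's id, and that the server has already confirmed the id with the provider; the function names are hypothetical.

```python
import sqlite3

# Assumed schema, adapted from the question: email becomes optional, and the
# provider's id (column name "socialid" is an assumption) is the lookup key.
SCHEMA = """
CREATE TABLE user (
    userid INTEGER PRIMARY KEY,
    email TEXT UNIQUE,            -- NULL allowed: Twitter may return none
    firstname TEXT, lastname TEXT
);
CREATE TABLE user_social (
    userid INTEGER NOT NULL REFERENCES user(userid),
    site TEXT NOT NULL,
    socialid TEXT NOT NULL,
    PRIMARY KEY (site, socialid)  -- one provider account -> one local user
);
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def find_user(db, site, socialid):
    row = db.execute("SELECT userid FROM user_social WHERE site=? AND socialid=?",
                     (site, socialid)).fetchone()
    return row[0] if row else None

def social_login(db, site, socialid, email=None, firstname=None, lastname=None):
    """Return the local userid for (site, socialid); register on first login."""
    userid = find_user(db, site, socialid)
    if userid is not None:
        return userid
    # Assumption of this example: an email already owned by another account is
    # not used to merge accounts; the new row simply stores no email.
    if email and db.execute("SELECT 1 FROM user WHERE email=?", (email,)).fetchone():
        email = None
    cur = db.execute("INSERT INTO user (email, firstname, lastname) VALUES (?,?,?)",
                     (email, firstname, lastname))
    db.execute("INSERT INTO user_social VALUES (?,?,?)", (cur.lastrowid, site, socialid))
    return cur.lastrowid

def link_account(db, current_userid, site, socialid):
    """Attach a second provider identity to the user who is already logged in."""
    owner = find_user(db, site, socialid)
    if owner is not None:
        return owner == current_userid   # refuse to move an identity between users
    db.execute("INSERT INTO user_social VALUES (?,?,?)", (current_userid, site, socialid))
    return True
```

Because the key is the pair (site, socialid), the same id string issued by two different providers maps to two different local users unless one is linked from an authenticated session.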

3 Answers

3
votes

I'd have used 1 table for both types of users instead, like this:

userid | type | email | socialid | deviceid | firstname | lastname | password | token

'type' column would be an enum of possible account types: fb, twitter, google or email

'socialid' would have an id from the social network (the id is included in the OAuth response) for users coming from those and will be null for normal users (registered via email)

'email' would include an email for normal users and be null for social users

Then it's just a matter of SELECT query to understand what type of user you're working with

2
votes

Take a look at http://hybridauth.sourceforge.net/ and implement to suit your architecture or solution.

0
votes

Normally the Facebook API should ship with the user's ID. Twitter SDK is a bit tricky. Try to save the user's Twitter username in your database.