[Plugin: Social Login] Process Doesn't work correctly for Twitter, LinkedIn or WordPress

Resolved bamajr
(@bamajr)

12 years, 2 months ago

Ok, so the idea behind this plugin is solid, but the follow-through isn’t there. I understand that social websites change their process for how applications are added/approved, from time to time, but that is something the plug-in developer needs to stay on top of.

I have added your plugin to http://bamajr.com/ I have an existing account on that site, which I use to log in and administer the site. When your plugin is enabled, I can log in with all of the elected services.

However, the plugin doesn’t correctly handle matching my existing profile with the service I log in with, when I Log in with Facebook or Log in with Google.

When I log in with Facebook and/or Google, I am logged in as if I had simply logged in with my username/password for http://bamajr.com/

When I log in with Twitter, LinkedIn and WordPress, I get logged in under a “created” username (different for each service). I can browse http://bamajr.com/ as if I’m logged in, but I can’t get to my dashboard. When I try, I get a message “You do not have sufficient permissions to access this page.”

I use the same email address on all of the supported services and it works fine with Facebook and Google. So, why is it not working with the remaining services?

http://wordpress.org/extend/plugins/oa-social-login/

Viewing 5 replies - 1 through 5 (of 5 total)

Thread Starter bamajr
(@bamajr)

12 years, 2 months ago

Oh, and FYI, when users update their profile while logged in with a Facebook or Google account, this plugin is causing the “Login Email Sync” plugin to permanently change the username field to be the user’s email address, so that their username is no longer available. So, going forward, that person is required to log in with an email address, unless they log in with a Facebook/Google account.

This does not happen when the “Login Email Sync” plugin is installed and this plugin is not.

I don’t know how in the world I’m going to fix this issue. I do not want to force users to log in with their email address, if they already have a username/password set up on my site. The ability to log in with their credentials from other social sites is supposed to be a convenience to my websites visitors, not screw up the site entirely.

Terrible goof.

Plugin Author Claude
(@claudeschlesser)

12 years, 2 months ago

Hi bamajr,

thank you for your support inquiry

First of all the linking issue:

I use the same email address on all of the supported services and it works fine with Facebook and Google. So, why is it not working with the remaining services?

The plugin links your social network account to an existing account only if the social network account’s email has been verified.

When an email is verified, we can be sure that it is your email and it is thus safe to link the social network account to an existing account.

If the email has not been verified, it is not safe to link the social network account to an existing account and the Social Plugin thus doesn’t do the linking. If it would link any email, I could create a WordPress account with your email address and then use the Social Login to login as administrator to your blog.

The linking works as intended, it is for your safety that it does not rely on the email only to link accounts. I will however forward this issue to my team and we will recheck if we can find an issue.

Oh, and FYI, when users update their profile while logged in with a Facebook or Google account, this plugin is causing the “Login Email Sync” plugin to permanently change the username field to be the user’s email address, so that their username is no longer available.

It is not Social Login that changes the username, but the “Login Email Sync” and as far as I understood, this is the intended use.

Login Email Sync it will sync the username with the email every time a user updates her/his profile.

http://wordpress.org/extend/plugins/login-email-sync/

Regards,

Thread Starter bamajr
(@bamajr)

12 years, 2 months ago

@claudeschlesser

I understand the security issue related to the social network accounts as it relates to an email address and can appreciate the security issues that can come up as a result of trying to link social accounts with WordPress accounts.

However, in the case of Twitter, LinkedIn and WordPress the email address used for each account must be verified before an account can be created, so why does this not pull across when connecting with your plugin?

For Instance…

I have Facebook, Twitter, Google, LinkedIn and WordPress.com accounts set up. All of those accounts use the same email address I use for my WordPress website (http://bamajr.com/). With all these accounts, except Google (which works fine), I even have the same username (bamajr) and I use the same First/Last name.

When I log into my WordPress website using your plugin and my Facebook/Google credentials, I’m matched with the correct profile, previously created, on my WordPress website.

When I log into my WordPress website using your plugin and my Twitter, LinkedIn and/or WordPress credentials, I’m not even able to get to the dashboard nor see my user profile. If I try, I get “You do not have sufficient permissions to access this page.” If I then log out of my WordPress website and log back in with Facebook/Google, or even the account I previously used without your plugin, there are users created with really long (hash-like) email addresses and no first/last name.

It seems to me if my WordPress website, Facebook, Twitter, Google, LinkedIn and WordPress.com accounts are all using the same email address, username and first/last name, then I should be directed to the correct user profile when logging in with your plugin. Otherwise, what is the point in matching user profiles in a WordPress web site with those of social networks?

And again I ask, if it works correctly with Facebook/Google, why isn’t it working for Twitter, LinkedIn and WordPress, given the information I’ve provided in this reply?

RE: Login Email Sync Issue…

The plugin is supposed to “SYNC” the username and email address for the purposes of logging in, but is not supposed to replace a username with an email address. Its supposed to allow a person to log in with either one.

However, I have been able to do further testing and prove it is unrelated to your plugin and have notified the plugin developer as such.

The only reason it only came to light when configuring your plugin, is that a user logged in to my WordPress website with social credentials (I.E. Facebook/Google). They went to their user profile on my WordPress website to make sure nothing had changed within the profile. Instead of exiting the profile they clicked the “Save” button. This is actually where the issue is. A user can use both username and email address, with the “Login Email Sync” plugin, until they update/save their user profile. Then they can only log in with email addresss.

Plugin Author Claude
(@claudeschlesser)

12 years, 2 months ago

Hi bamajr,

However, I have been able to do further testing and prove it is unrelated to your plugin and have notified the plugin developer as such.

Thank you for the testing, I’m glad to hear that it was not due to our plugin.

And again I ask, if it works correctly with Facebook/Google, why isn’t it working for Twitter, LinkedIn and WordPress, given the information I’ve provided in this reply?

Thank you for further explaining. Please give us a day or two to have a closer look at the issue. (I have re-opened the ticket and will get back to you soon!)

Regards,

Thread Starter bamajr
(@bamajr)

12 years, 2 months ago

Awesome…

I’m excited to use your plugin and look forward to a resolution.

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘[Plugin: Social Login] Process Doesn't work correctly for Twitter, LinkedIn or WordPress’ is closed to new replies.