I'm currently creating a web app using Google's OAuth. I was wondering how I can uniquely identify an authenticated user so I don't accidentally add duplicates.
A:
You should save the user_id you have for your users on your site somewhere, along with the corresponding access_token and access_token_secret.
Then you can query that table (or wherever you save that information) with the user_id and obtain the proper tokens.
Regards
Pablo Fernandez
2010-05-03 02:04:12
I'm not sure how that helps. The problem is that a different token/token_secret is provided every time a user signs in -- even if it's the same user. So if a user connects an account a second time (for whatever reason), my script would not be able to tell that it's a duplicate, and would add it. I would want a way to prevent that.
Joseph
2010-05-03 02:21:28
Check if the user already has a token; if so, use that; if not, perform the OAuth workflow.
Pablo Fernandez
2010-05-03 21:07:46
That only helps if a user can only add one account. However, in many apps, users can authenticate multiple accounts.
Joseph
2010-05-04 05:06:42
+1
A:
Doesn't Google give you other unique params like user name or user ID?
For example, Twitter and Facebook give you a user name and a unique URL that identifies the user's profile picture. If you save those params on the server side, you can identify the user the next time he comes to your site.
Manuel Bitto
2010-05-03 09:22:30
That's precisely the problem. As far as I can see they don't. All they return is the token and token_secret.
Joseph
2010-05-03 13:29:35
Yeah, I think you should check if you can get some of the user's params by querying Google with those tokens, and store them in your DB.
Manuel Bitto
2010-05-03 14:19:18
Well, I have, for example, been able to get their email address by parsing a Gmail feed. But: a) it's far from ideal (the extra request causes latency) and b) it's not permanently unique because users can change their email address if they want [at least that's what Google says].
Joseph
2010-05-04 05:09:49
A:
The best way to do this would be to use OpenID with the OAuth extension (aka hybrid).
Joseph
2010-05-14 01:35:36
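An added example, not part of the original answers: because the token and token_secret change on every sign-in and an email address can change, each linked account is keyed here on a stable identifier, such as the claimed identifier returned by the OpenID exchange the last answer suggests. The table layout, function names and identifier values are assumptions made for this example.

```python
import sqlite3

def open_store(path=":memory:"):
    """Create the linked-accounts table (hypothetical schema for this example)."""
    db = sqlite3.connect(path)
    db.execute("""
        CREATE TABLE IF NOT EXISTS linked_accounts (
            local_user_id INTEGER NOT NULL,
            provider      TEXT    NOT NULL,
            claimed_id    TEXT    NOT NULL,  -- stable identifier from the OpenID response
            token         TEXT    NOT NULL,  -- changes on every sign-in, never a key
            token_secret  TEXT    NOT NULL,
            UNIQUE (provider, claimed_id)    -- backstop against duplicates under concurrency
        )""")
    return db

def link_account(db, local_user_id, provider, claimed_id, token, token_secret):
    """Insert a new linked account or refresh the tokens of an existing one.

    Returns "created", "refreshed", or "conflict" when the external identity
    is already linked to a different local user.
    """
    with db:  # commit on success, roll back on error
        row = db.execute(
            "SELECT local_user_id FROM linked_accounts "
            "WHERE provider = ? AND claimed_id = ?",
            (provider, claimed_id)).fetchone()
        if row is None:
            db.execute("INSERT INTO linked_accounts VALUES (?, ?, ?, ?, ?)",
                       (local_user_id, provider, claimed_id, token, token_secret))
            return "created"
        if row[0] != local_user_id:
            return "conflict"  # never silently move an identity between users
        db.execute(
            "UPDATE linked_accounts SET token = ?, token_secret = ? "
            "WHERE provider = ? AND claimed_id = ?",
            (token, token_secret, provider, claimed_id))
        return "refreshed"

def accounts_for(db, local_user_id):
    """List (provider, claimed_id, token) for one local user; several are allowed."""
    return db.execute(
        "SELECT provider, claimed_id, token FROM linked_accounts "
        "WHERE local_user_id = ? ORDER BY claimed_id", (local_user_id,)).fetchall()
```

A user can still connect several distinct accounts, while reconnecting the same one only replaces its stored tokens.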