jrallison / authlogic_oauth

Authlogic OAuth is an extension of the Authlogic library to add OAuth support. OAuth can be used to allow users to log in with their Twitter credentials.
authlogic-oauth.heroku.com
MIT License

OAuth tokens change allows user to register multiple times #18

Closed: mtjhax closed 13 years ago

mtjhax commented 13 years ago

In my project I am using the register button as a single login/register feature and relying on authlogic_oauth validations to prevent me from registering a user more than once -- if user.save fails, I try to log them in with the existing user. I discovered that OAuth tokens from Twitter sometimes change, circumventing the authlogic_oauth validation on unique tokens, causing me to register the user a second time.

The only fix I can think of is a hack -- generally the first part of the OAuth token will be the user ID, and you need to validate that the user ID is unique. If user.save fails, the existing token and secret should be updated and used to log in.

It's possible I'm just approaching the whole thing the wrong way. If anyone has run into or overcome similar issues, please chime in.

jrallison commented 13 years ago

Hey mtjhax,

That sounds reasonable. However, this project hasn't been maintained in quite a while. I'd recommend switching to one of the more recently maintained forks like https://github.com/logankoester/authlogic_oauth

Cheers, John
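
The approach described in the first comment (uniqueness on the user ID, with the stored token and secret updated when they change), as an added example that is not part of the thread or of authlogic_oauth. It assumes the token format `<numeric user id>-<opaque part>` and a token/secret pair obtained server-side from a completed OAuth exchange; `OAuthUserStore`, `OAuthUser` and the in-memory hash are hypothetical stand-ins for a model with a unique index.

```ruby
# Added example: plain Ruby, no Rails or authlogic; all names are hypothetical.
# Assumption (from the post above): the token looks like "<numeric user id>-<opaque part>",
# and the token/secret pair comes from a completed OAuth exchange, not from client input.

OAuthUser = Struct.new(:provider_uid, :oauth_token, :oauth_secret)

class OAuthUserStore
  class MalformedToken < StandardError; end
  TOKEN_FORMAT = /\A(\d+)-\S+\z/

  def initialize
    @by_uid = {} # provider_uid => OAuthUser; stands in for a unique DB index
  end

  # Stable identifier taken from the token prefix. Tokens that do not match
  # are rejected so a malformed value can never create a fresh account.
  def self.uid_from_token(token)
    match = TOKEN_FORMAT.match(token.to_s)
    raise MalformedToken, "no user id prefix in token" unless match
    match[1]
  end

  # Single login/register entry point: uniqueness is enforced on the user id,
  # not on the token, so a reissued token updates the existing record.
  # Returns [user, :registered | :rotated | :unchanged].
  def login_or_register(token, secret)
    uid = self.class.uid_from_token(token)
    user = @by_uid[uid]
    if user.nil?
      @by_uid[uid] = OAuthUser.new(uid, token, secret)
      return [@by_uid[uid], :registered]
    end
    return [user, :unchanged] if user.oauth_token == token && user.oauth_secret == secret
    user.oauth_token = token
    user.oauth_secret = secret
    [user, :rotated]
  end

  def count
    @by_uid.size
  end
end

# Constructed sample values, not real credentials.
store = OAuthUserStore.new
first, = store.login_or_register("1001-aaaa", "secret-one")
again, status = store.login_or_register("1001-bbbb", "secret-two")
puts "same account: #{first.equal?(again)}, status: #{status}, users: #{store.count}"
```

Logging the `:rotated` outcome gives a record of how often tokens are reissued for an existing account.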