Closed mbleigh closed 15 years ago
bjeanes
commented
15 years ago This is an awesome point. Also for sites offering twitter login as one of a few options, this could be used to prevent someone creating an account normally then someone from twitter with the same login could login with twitter and essentially hijack the existing account.
mbleigh
commented
15 years ago Closed by 43738b56ba53e75c89832df0c75fd20a3152dfca - Now uses Twitter ID as the lookup mechanism for OAuth and HTTP Basic. Requires twitter_id string column in the users table.
tsmango
commented
15 years ago Thanks for moving my ticket to this issue tracker and for closing it out! I'll post future tickets here.
It would be nice if the twitter user id was stored in the users table. I realize that the current implementation using the TWITTER_ATTRIBUTES array won't work because twitter returns 'id' back and that would collide with the id column already in the users table. Perhaps this could be caught and written to a twitter_user_id field?
I would assume that because the twitter user id isn't stored in the users table, if a user comes to your site and generates data, then goes to twitter and changes their twitter username (which twitter allows them to do) then comes back to your site, all of their data is no longer associated with their account (because the only thing you have to go by is the username rather than the underlying id).