
facebook one-login authentication

I'm adding Facebook one-login to my website. Just wanted to get some feedback from people who have already implemented it.

At the moment I'm allowing users to log in to my site using fb:login. Providing they have a valid account on FB and log in successfully, if the email address that's returned from FB matches the email address I hold in my own database, they will automatically be logged in to my site.

The problem I have is, I'm finding it hard having just the email as my main authentication between the user and my site. For those who have already implemented this, could you please share some of your logic (theory) on how you authenticate the user when you're logging them onto your site?


I had the same problem as you. I had users in my database with their name and email address and I wanted to add the Facebook connect plugin.

Now, on the login page, I let users choose between standard and Facebook login. If one chooses Facebook login, I retrieve his Facebook ID with the Facebook PHP SDK (see on github):

    $facebook = new Facebook(...);
    $id = $facebook->getUser();

  • If I have this Facebook ID in my records, I log the user in.

  • If not, I retrieve his email address:

    $profile = $facebook->api('/me');
    $email   = $profile['email'];
    
    • If I have this email in my database, I store the facebook ID in that record (for the next time) and I log the user in.

    • If not, I create a new record with the Facebook ID and the email. After that, the user can set a password in his settings to be able to log in with the standard login (without Facebook).

You may want to check the example of the Facebook PHP SDK out to better understand how the flow works.

Hope that helps.
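
The lookup order described in the answer above, as an added example that is not part of the original answer or of the Facebook PHP SDK. The `users` table, the function name `resolveFacebookLogin` and the sample values are assumptions; `$fbId` and `$email` are assumed to be the values the SDK returned server-side, never values posted by the browser. It also covers two cases the answer does not mention: a profile with no email, and an email whose account is already linked to a different Facebook ID.

```php
<?php
// Added example: hypothetical schema and function names, constructed sample data.
function resolveFacebookLogin(PDO $db, string $fbId, ?string $email): array
{
    // 1. Known Facebook ID: log in. The ID is the stable key; the email can change.
    $st = $db->prepare('SELECT id FROM users WHERE fb_id = ?');
    $st->execute([$fbId]);
    $id = $st->fetchColumn();
    if ($id !== false) {
        return ['user' => (int)$id, 'action' => 'login'];
    }
    // The profile may carry no email; never match accounts on an empty string.
    $email = ($email !== null && trim($email) !== '') ? strtolower(trim($email)) : null;
    if ($email !== null) {
        // 2. Local account with that email: store the Facebook ID for next time.
        $st = $db->prepare('SELECT id, fb_id FROM users WHERE email = ?');
        $st->execute([$email]);
        $row = $st->fetch(PDO::FETCH_ASSOC);
        if ($row !== false && $row['fb_id'] !== null) {
            // Already linked to another Facebook ID: refuse instead of overwriting.
            return ['user' => null, 'action' => 'conflict'];
        }
        if ($row !== false) {
            $db->prepare('UPDATE users SET fb_id = ? WHERE id = ?')->execute([$fbId, $row['id']]);
            return ['user' => (int)$row['id'], 'action' => 'linked'];
        }
    }
    // 3. Unknown user: create a record; a password can be set later in settings.
    $db->prepare('INSERT INTO users (email, fb_id) VALUES (?, ?)')->execute([$email, $fbId]);
    return ['user' => (int)$db->lastInsertId(), 'action' => 'created'];
}

$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE, fb_id TEXT UNIQUE, password_hash TEXT)');
$db->exec("INSERT INTO users (email, password_hash) VALUES ('alice@example.com', 'constructed-hash')");

// Constructed inputs standing in for $facebook->getUser() and $facebook->api('/me').
foreach ([['1001', 'Alice@example.com'], ['1001', null], ['1002', null], ['1003', 'alice@example.com']] as [$fbId, $email]) {
    echo $fbId, ' => ', json_encode(resolveFacebookLogin($db, $fbId, $email)), PHP_EOL;
}
```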


I have also done this. I have now understood that you want to match the email address, and that if the user changes his email address you want to update it. The simple solution is to store the user information in your database. What I have done: I store the user profile ID returned by Facebook as the user name, I store the same profile ID converted to MD5 as the password, and I store the email address returned by the user. Now every Facebook user has its unique ID in my database. Whenever a user comes to my site and logs in with Facebook, there are two cases:

1- I compare the profile ID with my database and, if a record is found, I always update the email address in that particular field with the one returned by Facebook. Now I can have the latest email address of the user.
2- If the user is not in my database, then I insert the record by applying the above method.

Hope it will help you
