[sebastianvirlan]

Hi, I am trying to implement Facebook authentication with Ion Auth. So I have the following method:

Code:

public function login() {

    //$this->ci->load->library('ion_auth');
      // null at first
    $code = $this->ci->input->get('code');
    
    // if is not set go make a facebook connection
    if(!$code) {
      // create a unique state
        $this->ci->session->set_userdata('state', md5(uniqid(rand(), TRUE)));

          redirect($this->login_url());
      } else {
        // check if session state is equal to the returned state
      $user = $this->get_user();
      if($user) {
        // check if this user is already registered
        if(!$this->ci->ion_auth->identity_check($user['email'])){
          //$name = explode(" ", $user['first_name']);
          $register = $this->ci->ion_auth->register($user['first_name'].$user['last_name'], 'facebookdoesnothavepass123^&*%', $user['email'], array('first_name' => $user['first_name'], 'last_name' => $user['last_name']));
          $login = $this->ci->ion_auth->login($user['email'], 'facebookdoesnothavepass123^&*%', 1, TRUE);
          if($login) {
            $user = $this->ci->ion_auth->user()->row();
            redirect('/account/profile/'.$user->username, 'refresh');
          }
        } else {
          $login = $this->ci->ion_auth->login($user['email'], 'facebookdoesnothavepass123^&*%', 1, TRUE);
          if($login) {
            $user = $this->ci->ion_auth->user()->row();
            redirect('/account/profile/'.$user->username, 'refresh');
          }
          //print_r($login);
        }
        return true;
        }
        else {
          return false;
        }
      }
    }

The problem is, if user will set a custom password from his account and will try to login on my website with facebook will fail. How can I do?

[sebastianvirlan]

Anyone please? I want to implement a facebook login button. But after login if user change the password from his account on my website, user will cannot log in with facebook anymore.

[mwhitney]

If you want a user to be able to log in to one account with multiple credentials (e.g. facebook and his login/password specific to your site), you will have to separate the account information from the authentication information. Unfortunately, I'm not familiar enough with Ion Auth to really tell you how to do that.

[sebastianvirlan]

I only need the logic, for example on this website: ask.fm, you can register with facebook, then you can change the password of the account and continuing to login with facebook and standalone.

[mwhitney]

If I have a table for user accounts, there is a tendency to just use that same table to store the authentication information. In most cases this is fine, because a site may only have one form of authentication or a user may only login using one authentication method.

However, if I want a user to be able to log into my site using any number of authentication methods, I have to separate the authentication data from the user account information. In most cases, you would use some form of reference to lookup an account based on the authentication. Since each account may have multiple forms of authentication available, but a particular form of authentication may only access one account, you have a one-to-many relationship between accounts and authentication methods. The easiest way to setup this type of relationship in a database is to add a foreign key to the authentication table(s) which stores the value of the primary key for the user account. Then you authenticate the user based on the information in the authentication table, and, once they've logged in successfully, get the user account information by looking up the user account with the foreign key (you can get all of the related data with a join in your database query, but it may be better to avoid pulling user account information until you've authenticated the user).

For your example, if I log into the site for the first time using my facebook account, the site gets some information from my facebook account to build a user account and stores the information to associate my facebook account with that user account. If I change the password to my local account on the site, it is basically creating another authentication method for my account, but leaves the association with my facebook account alone, so either method is a valid method for accessing the site. Some sites may even permit you to associate other social media accounts with your user account, so you can log in using multiple social media logins.

No matter how they do it, the central idea is that the user account and authentication method are two separate pieces of information. It may even be possible to do this with just one database table (by adding fields for all of the possible authentication methods to one table), but this would be inefficient in most cases.