Register using social auth #751

Open
TimotheeJeannin opened this issue Feb 14, 2023 · 2 comments
Comments

@TimotheeJeannin

Hi,

It's great that social auth is supported but it would be awesome if users could register with social auth too.

I think most websites that support social auth also support it for registration.

Tim

@ademaro
Contributor

ademaro commented Mar 2, 2023

@TimotheeJeannin, hi!

So you can implement it in your application any way you want. I don't think it should be part of the flask-security.

Here's a little example:

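```python
from flask import abort, redirect, url_for
from flask_security import anonymous_user_required, login_user, lookup_identity

# `core` (blueprint), `oauth` (client registry) and `user_datastore`
# are objects defined by the application.

@core.route("/auth/<name>")  # route() must be outermost so the guarded view is the one registered
@anonymous_user_required
def auth(name):
    client = oauth.create_client(name)
    if not client:
        abort(404)

    client.authorize_access_token()
    profile = client.userinfo()
    user = lookup_identity(profile["email"])  # Check if there is already such a user with this email
    if not user:
        # Create (register) a new user and keep the returned object for login_user()
        user = user_datastore.create_user(email=profile["email"], is_active=True)
        user_datastore.commit()  # Updating the database with a new user
    login_user(user)
    user_datastore.commit()  # Updating the database for capturing the time of login
    return redirect(url_for("route_fn_for_user_dashboard"))
```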

@chrisroat

I think this is a great idea.

One important piece to consider is that the oauth dance returns an email, while the app may have a much more detailed User model with additional fields. So there will be missing fields in the oauth registrations, which a form-based registration would capture.

I believe the addition of an update-user-info endpoint would mitigate this issue. It would exist whenever the user model contains extra fields. It would serve two uses:

  • any logged in user can update the extra fields by going to the endpoint
  • if oauth registration is enabled, the user would be redirected to the endpoint to finish registration (if there are extra fields to be filled in)

Does this sound reasonable? Does it miss any cases?
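
An added example, not part of the thread or of Flask-Security's own code: the callback posted above uses `profile["email"]` as the account identity, so this isolates the decision that callback has to make, requiring the standard OIDC `email_verified` claim before logging in or registering and routing accounts with missing fields to the update-user-info step proposed in the last comment. `REQUIRED_EXTRA_FIELDS`, the `Decision` type, the `find_user` callable and the endpoint names are assumptions, and the sample users are constructed.

```python
from typing import Callable, NamedTuple, Optional

# Assumption: extra User-model fields a form-based registration would collect.
REQUIRED_EXTRA_FIELDS = ("first_name", "country")


class Decision(NamedTuple):
    action: str                  # "reject", "login" or "register"
    reason: str = ""
    email: Optional[str] = None
    missing_fields: tuple = ()
    next_endpoint: str = ""      # hypothetical endpoint names


def decide(profile: dict, find_user: Callable[[str], Optional[dict]],
           registration_enabled: bool = True) -> Decision:
    """Decide what an OAuth callback should do with the provider's userinfo."""
    email = (profile.get("email") or "").strip()
    if not email:
        return Decision("reject", "provider returned no email")
    # email_verified is a standard OIDC claim. Without it, an address nobody
    # confirmed would be matched against the local account that owns it, so
    # absent or non-boolean values count as unverified.
    if profile.get("email_verified") is not True:
        return Decision("reject", "email not verified by provider", email)
    user = find_user(email)
    if user is None:
        if not registration_enabled:
            return Decision("reject", "registration disabled", email)
        action, user = "register", {"email": email}
    else:
        action = "login"
    # Accounts created through OAuth lack the form-only fields: send them to
    # the update-user-info step before the dashboard.
    missing = tuple(f for f in REQUIRED_EXTRA_FIELDS if not user.get(f))
    return Decision(action, "", email, missing,
                    "update_user_info" if missing else "dashboard")


# Constructed sample data standing in for the user datastore.
USERS = {"alice@example.com": {"email": "alice@example.com",
                               "first_name": "Alice", "country": "FR"}}

if __name__ == "__main__":
    for p in ({"email": "alice@example.com", "email_verified": True},
              {"email": "alice@example.com"},
              {"email": "bob@example.com", "email_verified": True}):
        print(decide(p, USERS.get))
```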
