You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
So you can implement it in your application any way you want. I don't think it should be part of the flask-security.
Here's a little example:
@anonymous_user_required@core.route("/auth/<name>")defauth(name):
client=oauth.create_client(name)
ifnotclient:
abort(404)
client.authorize_access_token()
profile=client.userinfo()
user=lookup_identity(profile["email"]) # Check if there is already such a user with this emailifnotuser:
user_datastore.create_user(email=profile["email"], is_active=True) # Create (register) a new useruser_datastore.commit() # Updating the database with a new userlogin_user(user)
user_datastore.commit() # Updating the database for capturing the time of loginreturnredirect(url_for("route_fn_for_user_dashboard"))
One important piece to consider is that the oauth dance returns an email, while the app may have a much more detailed User model with additional fields. So there will be missing fields in the oauth registrations, which a form-based registration would capture.
I believe the addition of an update-user-info endpoint would mitigate this issue. It would exist whenever the user model contains extra fields. It would serve two uses:
any logged in user can update the extra fields by going to the endpoint
if oauth registration is enabled, the user would be redirected to the endpoint to finish registration (if there are extra fields to be filled in)
Does this sound reasonable? Does it miss any cases?
Hi,
It's great that social auth is supported but it would be awesome if users could register with social auth too.
I think most websites that support social auth also support it for registration.
Tim
The text was updated successfully, but these errors were encountered: