Nice tutorial 👍
Nice tutorial
Awesome, thank you!
very nice tutorialssss
In the past, it was nearly impossible to get the oauth user email from Twitter.
Thank you, nice tutorial!!
Is it fine to have updateOrCreate on the user so they have the flexibility of different ways, either password or social login? Or is there some catch?
I guess it's ok - the assumption here is that the provider has already verified the e-mail address being used.
And there's another catch:
You should reset the user password and clear all their auth sessions if you find an account where they haven't verified their e-mail, to avoid a hijacking (account created by an ill-intentioned user using your e-mail, you signing in with your social, then the ill-intentioned user can log in using the password).
Some pseudocode:
$user = User::findByEmail($socialiteUser->getEmail());
if ($user === null) {
    // user is new, just create it and set their email_verified_at to now()
} elseif (!$user->hasVerifiedEmail()) {
    // existing account with an unverified e-mail: reset password, clear auth sessions
}
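The check described in the comment above, filled in as a Socialite callback. This is an added example, not code from the tutorial or from the commenter; the `github` driver, the `SocialLoginController` name, the default `App\Models\User` model and a database session driver are assumptions.

```php
<?php

namespace App\Http\Controllers;

use App\Models\User;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Str;
use Laravel\Socialite\Facades\Socialite;

class SocialLoginController extends Controller // hypothetical controller name
{
    public function callback()
    {
        $socialiteUser = Socialite::driver('github')->user(); // placeholder driver
        $email = $socialiteUser->getEmail();

        // Some providers return no e-mail; never match accounts on an empty value.
        abort_if(empty($email), 422, 'Provider did not return an e-mail address.');

        $user = User::where('email', $email)->first();

        if ($user === null) {
            // New user: the provider is assumed to have verified the address.
            $user = new User(['name' => $socialiteUser->getName() ?? $email, 'email' => $email]);
            $user->password = Hash::make(Str::random(40));
            $user->email_verified_at = now();
            $user->save();
        } elseif (! $user->hasVerifiedEmail()) {
            // Existing but unverified account: whoever registered it may know the
            // password, so invalidate every credential before handing it over.
            $user->forceFill([
                'password' => Hash::make(Str::random(40)),
                'remember_token' => Str::random(60), // invalidates "remember me" cookies
                'email_verified_at' => now(),
            ])->save();

            // Assumes SESSION_DRIVER=database (sessions table with a user_id column).
            DB::table('sessions')->where('user_id', $user->id)->delete();
        }

        Auth::login($user);
        request()->session()->regenerate(); // fresh session ID for the new login

        return redirect()->intended('/');
    }
}
```

If the application also issues API tokens, revoke them in the same unverified-account branch.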
It does not work with Laravel Jetstream (can't log in)
I know about the socialstream package, but I want to do it by myself
What if we have a separated frontend server, like a Vue SPA app?
How can we set up the flow??
Thanks a lot.
Side question: how do you make that default profile picture with the letters of the username?
Thanks