How to identify a returning user? Should provider-id not be added in token? #47
Comments
|
I'm not entirely clear about your issue. When you "compare" users, where do you want to do that? Maybe you could provide the full context/purpose? |
|
@lipp { accessToken: 'ya29.XXXXXXXXXXXXXXXX',
profile:
{ username: 'Slava Ganzin',
name: 'Slava Ganzin',
provider: 'google',
photo: 'https://lh6.googleusercontent.com/-RwB2-OTm4ck/AAAAAAAAAAI/AAAAAAAAAGs/ig-EN1poL50/photo.jpg?sz=50' },
iat: XXXXXXXXX }Where both iat and accessToken are temporary identifiers and what @djshitcoin and I want is permanent identifier (part of google oAuth answer): { kind: 'plus#person',
etag: '"XXXXXX"',
objectType: 'person',
id: '107965373576397404746',
displayName: 'Slava Ganzin',
name: { familyName: 'Ganzin', givenName: 'Slava' },
url: 'https://plus.google.com/107965373576397404746',
image:
{ url: 'https://lh6.googleusercontent.com/-RwB2-OTm4ck/AAAAAAAAAAI/AAAAAAAAAGs/ig-EN1poL50/photo.jpg?sz=50',
isDefault: false },As you see 107965373576397404746 is my public identifier. Which we can use to link two devices together or identify user next time. You can get this id using google Api and accessToken, but this would over complicate everything for no reason |
Merged
|
so you'd like to have the |
|
Fixed test in #59 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello,
I have a simple question. Say I've logged in once and got a JWT, and then log in on another machine using the same social account. Maybe I'm mistaken, but I can't find any way to (easily) tell that both tokens belong to the same person since the provider ID doesn't seem to be stored in the token. So is there a way to identify a user without having to make a request to the provider API with the given access token?
The text was updated successfully, but these errors were encountered: