Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

Merge accounts with social and site without password.

Former Member

on ‎2019 Sep 26 1:13 PM

0 Likes
2,411

Hello Experts,

We are using social login option for Gigya and need your view if we can suppress the pop-up for account merge and directly merge the accounts if the email is same. The issue happens when my first account is site account and then I forget the password or wish to use the social option and click on social icon which has the same email to what i had initially registered with. Now when i login with social i am taken to the default link account screen where i need to provide the password for my initial site account, unfortunately this is not the best design considering the user experience/journey as the expected behavior is the system merges the account in the backend automatically. Is it possible to suppress the link screen and proceed directly with linking of account.

Thanks

Vineet

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies

Accepted Solutions (0)

Answers (5)

Answers (5)

ritanshi12
Discoverer
‎2019 Nov 19 5:17 AM
0 Likes

Hi fredig spu230479 ,

I have a similar situation in my project. We followed the above suggested approach. Is there any way, after the account merge is successful from the server side, the user session is retained and the user is logged in successfully? In this scenario the userInfo is returned till the time user is asked for merging the accounts. In the networks tab, getAccountInfo is showing the response with the 2nd social login identity.

As per my understanding of the standard scenario the session of the re-authenticated account is retained and user is logged in with that account

Is there a way that after merging the two accounts we can still login the user. Here in NotifyRegsitration the accounts are being merged without the password.

Regards,

Ritanshi

Show replies
Show replies
spu230479
Participant
‎2019 Sep 30 3:38 PM
0 Likes

Hi vineet.kaul,

With some custom dev Vineet this flow could be achieved by capturing the error messages from the javascript.

So what you can see from the screen shot above the email address andUID for temp identity created with Facebook in the getAccountInfo response to perform the link server side. You could capture this email address and UID where the conflicting account has been identified then the pass these server side, retrieve the conflicting account and manually add the social identity. You could then perform a notifyLogin servers side and return a client session. This is just one example of how this could be achieved. This approach would require some testing to be validated.

Thanks
Stephen

Show replies
Show replies
Former Member
‎2019 Sep 30 2:02 PM
0 Likes

Hi spu230479

Thanks for the details. I understand the risk you are highlighting but still trying to understand in what case will i as a user have someone else registered with my email as a site account and me using a social account with that email since all accounts require verification so even if someone does register it will never be verified since the email will always come to me.

Even so, if i do not link the accounts and keep social and site separately, it will still create a site account once i start updating my profile for social account. and once the site account is created, i can use the reset pwd flow to set the password, now how does Gigya identify which email is actually requesting for password reset if both have same email address?

Thanks

Vineet

Show replies
Show replies
spu230479
Participant
‎2019 Sep 30 8:12 AM
0 Likes

Hi vineet.kaul the exact behavior you are looking for is not possible for a number of reasons. The main reason is that you can not always guarantee that the site account that already exists is owned by the person whom is logging in with the social identity, if an auto link was to take place you could expose PII and other data to someone whom did not own this data and this would be a huge risk.

It is possible however to add additional authentication methods to accounts using the our addConnection API (this does require the user to be authenticated into their site account) https://developers.gigya.com/display/GD/socialize.addConnection+JS so there are ways that this potentially could be achieved or a similar flow with some customisation.

I'd recommend engaging with Professional Services so that they can assist you with the different implementation options to achieve you desired flow. jonathan_gardner would be a good contact to arrange a services engagement.

Show replies
Show replies
Former Member
‎2019 Sep 29 12:56 PM
0 Likes

spu230479 fredig any idea's on how this can be achieved?

Thanks

Vineet

Show replies
Show replies
Ask a Question