Use both email and phone number in Account kit together - facebook

I am working with facebook Account Kit. During signup, I want the user to verify both email and phone so they can login with either of them. But currently facebook lets only phone or only email for one user id. Is there a way I can use both for a single user?

No, there is currently no way for an email and a phone number to share the same user ID. You would need to handle this yourself by using only one of these values as the user ID, and having an association between these 2 values.

Related

Facebook test users with phone number instead of email

I've been trying to create a bunch of test users for my test application that will be mocking a case when user signed up to Facebook using his phone number (not his email).
Turns out that the tool to create test users (App -> roles -> test users) allows to create only users who have email and there's no way (AFAIK) to change the data without logging in to Facebook as this user and changing his account settings.
Is it not possible or am I missing something?
EDIT 1:
I'm not actually able to add a phone number without verification
As others say there is no way to have test user without email address.
What you can do however is to create test user and when logging into your app deny access to email. It will have nearly same effect as logging in with user that has phone number instead of email. You can do it in edit section while logging in(as shown in pictures)
Unfortunately, there is no way to add testers with their phones. You can add your testers by their fbids or usernames.

User's phone number in messenger bot?

Is it possible to get user's phone number from web hook sent by messenger bot when a user initiates a chat?
I need to check if a user by phone number is existing in my database or not.
No you cannot do it, check it.
https://developers.facebook.com/docs/messenger-platform/user-profile
One system you can apply, when anyone enter the bot first time check the psid in this user exist in db or not, so when if not exist, send a message "Please enter your number", if number match the db then update psid.
So need to access user phone number once time in chatbot lifetime,because when after verification you again insert the chatbot, it shows you verified because your psid then exist.

How to get email and username when Facebook registers

As far as I know, on the new Facebook API, there is no way to get the Facebook username. Also, if the user registered to Facebook, his or her account might lack an email address if he or she logged in with a phone number.
However, I am working on a project, where, upon login with Facebook, if the user does not have a user, then the Facebook login is interpreted as a registration. Since, according to my best knowledge, there is no way to get the Facebook username using the API, I am using the email field to generate a username, taking into account only letters.
However, in some cases, the username generated this way is duplicated, or the Facebook account does not have an email address. The best solution I can think about is to redirect the user to a form where he or she can enter the email and/or the username, but that would not help the user-experience.
Is there a way to gather these data without making the user enter them? Or something close to it?
First of all, you should always present the data you want to store to the user BEFORE you store it, and let him change it.
That being said, the (App Scoped) ID is the only thing that is really unique, you can either use the email directly (if the user is already registered, just add the Facebook ID to your database) and present an input field if there is no email - or generate a username with his first and last name. Present the chosen username to the user and let him change it, or tell him that it already exists.
After all, wouldn´t a user WANT to choose his username?
If you want to make it smooth for the user and don´t want to bug him in anyway, you can just store his Facebook ID. Or just use the email directly as username (including the # sign and the domain), as i wrote above. If that´s not good enough, you need to implement your own routine to auto-generate usernames. There´s no general logic from Facebook to do this.

Integrate social network login however authenticate using existing credentials

We are looking to integrate Facebook, Google, Twitter into an existing site.
Unlike most implementations, the user MUST be a customer prior being able to login with Facebook, Google, etc. The current database design is as follows;
userid | username | password | customerno
So the idea is if a user decides to login using Facebook, we need to validate that they are also an existing customer using their customer number which is alphanumeric. Once authenticated, they are no longer required to authenticate using their customer number. If they are not yet a customer, they will first need to create an account with us.
Do I need to design a new table for each provider? If so what should the design look like?
How do I authenticate a user who has logged in using Facebook with their existing customer number?
How do I authenticate a user who has logged in using Facebook with their existing customer number?
That depends on what criteria you have to recognize someone as a customer …
IMHO the best and easiest way to connect Facebook users to existing accounts on some other page is the email address. If you don’t have that, and see no other reliable way to identify someone as a customer with the data that Facebook can provide – then maybe you could just ask the user for their customer id on your site before connecting their Facebook account.
As for your database design – if you read the email address on every connect/login, then you could just look that up to find your user id. Otherwise, you could either add extra fields to your existing user table, where you save someone’s Facebook/Google/... user id. But if you want to use multiple services, maybe it’d be better to put this data into a second table like
userid | foreign_user_id | type
where type would be one of 'facebook', 'google' etc. to identify the login provider that foreign_user_id comes from.

Do we need client-side flow or server-side flow or both to implement the login with facebook feature?

Currently on my website, users login with their login id and password, they are also required to enter their email when they register. Both login_id and email column on the users table have unique index. users table also stores other data associated with the user such as gender,last_name,first_name but these are optional (nullable) fields.
There are two changes I would like to make to the website.
The first one is, users can use their email (in addition to login_id) to login. For new users, when they register, they no longer need to provide a login_id because they will be using their email to login.
The second change is, they can login with facebook. For new users, if they login with facebook for the first time, their facebook uid will be obtained and stored in my database. This means I will have to add a facebook_uid column on the users table.
For existing users, when they login with facebook for the first time, I should first obtain their email address from their facebook profile and then check if there already exists a record using that email in the users table, if yes, their facebook uid will also be stored on the facebook_uid column on that record.
According to facebook, its platform supports two different OAuth 2.0 flows for user login: server-side flow and client-side flow. Which one or both is required for this use case?
Also, what problems can be anticipated when I implement the features like I describe above?
You could take either approach for this, it's entirely up to you. Both methods will give you the data you need, it's a question of how comfortable you are working on the back vs front end. You just need to ask for permission to access to the user's email address.
Problems that could happen: I'm not sure but there may be legal restrictions on storing the user's Facebook ID. Also, what if someone (not me, an evil person!) registers with my email address and you don't validate that they really have access to that address - then when I log in via Facebook, the app will assume we're the same person and the evil hacker now has access to my account. Unlikely scenario but could happen...