How to handle social logins correctly with roles ?

On my site a user is required to select a role and city while signing up. Have also implemented login/signup with facebook and google. Social users are required to select role and city during the login/signup process. But what happens if such users does not select role and city ? What is the best strategy to handle such users ?

Lumethys

3 years ago

Level 5

i'm assuming you are doing something like Github "are you a devloper/ student/ ...." kind of thing?

you can separate the sign up the the "choose role"

something like

if user is not logged in -> redirect('/login');
else if user not set role yet -> redirect('/setup');
continue;

use a middleware for this, you can think of it as another layer of auth, aka. "anyone who want to reach my protected route need to pass the auth middleware check -> anyone who want to reach my protected route need to pass the auth and setup middleware check"

the idea is, people first create an account, then set it up, so even if they just sign up and close the site, you can make them set up the next time they go in. Of course, whatever method they use to sign in doesnt matter, because the setup process is now separated

for example: your user table would contain

id
//some other fields
email
password
gmail_id
fb_id

let say you have 2 user, one create an account and one use fb login:

 {				
id: 1
name: John Doe
email: null //email and password is null because he login with fb
password: null
gmail_id: null
fb_id: 12345
}

 {				
id: 2
name: Jane Doe
email: [email protected]
password: 123456789
gmail_id: null
fb_id: null
}

John sign in with FB: User::where('fb_id', $fbId)->first();

your app check: user id:1 logged in -> if isNotSetup() -> redirect(/setup)

Jane sign in with account: Auth::attempt(blabla) ;

your app still check user id:2 logged in -> if isNotSetup() -> redirect(/setup)

1 like