Google oAuth improvements
Options
Tom
Member ✭
If I understand this correctly, Google oAuth signup creates id, name, email in google_oauth. This id is not changing after it's been created and it acts as an identifier between Google and specific user in Xano.
The problem with current setup in Xano comes into play if your user already exists (e.g. password, magic link etc) and they click on "Continue with Google". Current api setup checks if the google_oauth has id, which is doesn't, so it tries to create a new user. Xano won't allow this since the email already exists in the table (throws duplicate entries error).
I've adjusted my stack to check for google_oauth.id, followed by email check. Only if both are null, continue to creating a new entry in the users table, otherwise just update google_oauth on the existing user.
I believe this should be default behaviour, since this allows previous magic links/password users to continue with Google later on. But would love to hear your thoughts and potential drawbacks/security implications if any.
The problem with current setup in Xano comes into play if your user already exists (e.g. password, magic link etc) and they click on "Continue with Google". Current api setup checks if the google_oauth has id, which is doesn't, so it tries to create a new user. Xano won't allow this since the email already exists in the table (throws duplicate entries error).
I've adjusted my stack to check for google_oauth.id, followed by email check. Only if both are null, continue to creating a new entry in the users table, otherwise just update google_oauth on the existing user.
I believe this should be default behaviour, since this allows previous magic links/password users to continue with Google later on. But would love to hear your thoughts and potential drawbacks/security implications if any.
Comments
-
great observation. You are right, it should check for both for your scenario.
The implementation assumed that you would only use the oauth implementation which means the emails would be unique, but if there was a user with an email already setup then it would run into the issue you mentioned.
Categories
- All Categories
- 53 ? Announcements
- 47 ? Releases
- 37 ? Welcome
- 983 ? Help! I'm a Noob
- 125 ? No-Code Front-Ends
- 633 ? Working with APIs
- 439 ? Transforming data
- 126 ? Connect Xano to ...
- 50 ?? Find an Expert
- 348 ❓Other questions
- 35 ? Security
- 22 ✂️ Snippets
- 19 ? Showcase
- 7 ?️ Xano Chatter
- 62 ? Video Tutorials
- 171 ? Request a feature
- 229 ? Report a Bug
- 19 ? Templates & Extensions
- 7 ? Feedback