Logins with Google and Facebook


(Adam Beers) #1

If I allow Google and Facebook logins, how are those users created in the Discourse server using API calls?


(Blake Erickson) #2

(Adam Beers) #3

What happens if the user forgets their password? How does it work in this case you mentioned with Twitter?


(Blake Erickson) #4

Can’t they just go to twitter and reset their password?


(Adam Beers) #5

But then how is that linked with discourse? I’m not sure how the interaction between Twitter and Discourse works on that level, that’s why I’m asking. I assume it would be similar for a Google or Facebook login, but not sure how those work either.

If someone creates an account using their Google account. What password gets set in the Discourse database? If it doesn’t get set, then what gets set? How does Discourse know it’s a valid user?


(Blake Erickson) #6

I suggest you do some reading up on how oauth works. This might help:

but there is probably something better out there.

Basically discourse doesn’t know or get access to your your twitter/google/facebook password. When you log in with twitter, twitter sends an auth token to discourse that says you authenticated and thats what it uses for authentication until you sign out.