What in the facebook API becomes the password_hash and salt when a user signs up and authenticates using facebook?
They are remain empty.
I thought there was a portion of users who – if they have their facebook settings set a specific way – could possibly both authenticate using facebook and also set a password.
I think that’s my problem. Or I might have a different problem.
Either way I have a user with Facebook() as a login and a password_hash/salt in the db.
Edit: I just checked with a dummy facebook acct. A password_hash and salt are still being set at registration if I use facebook. So something on my end might be drastically wrong I just don’t know what.
I am not following.
It doesn’t matter at all. You don’t have chance to set password when using an OAuth services if they provide username and email.
The user can use their setting page to reset their password.
3 个赞
Users can authenticate against any of the available mechanisms. As long as the email is the same, a single account can authenticate against Google, Facebook, or a local password. Does that explain what you are seeing?
3 个赞
我也有同样的问题。为什么通过 OAuth 提供商注册的账户(我使用的是 Discourse OAuth2 Basic 插件)的 password_hash(或 salt)仍然存储在数据库中?我的实验证明,用户能够通过其首选项面板中的重置密码功能设置的本地密码登录(如果启用 OAuth2 并进行设置时没有禁用“启用本地登录”)。他们也可以通过其 OAuth2 提供商凭据登录。正如 pfaffman 所说,这两种机制都是允许的。
我想知道 password_hash 的初始原始值是多少?