Possible to show users what platforms are linked to their account?

We are considering building out some functionality around tools which may require the user to have their discourse account linked to one or more platforms.

I have logged into meta.discourse with various social media logins however I’m not seeing an indicator that my user account is linked to those platforms.

Is there currently a way to show users what platforms their account is linked to and provide a way to link to one they are not currently linked to?

3 Likes

This is visible to staff / admins but not users. I tend to agree it would be good to show this to users on their prefs page for security reasons if nothing else cc @sam.

6 Likes

I have discussed this with @tgxworld in the past. This is something I want and will schedule for the next release.

The pain points I see now with social are:

  1. You can not see which social accounts you have enabled
  2. You can not revoke a social account
  3. You can not attach to an extra social account (unless it returns trusted email - which is not always the case)

So I would like to see 1 and 2 happen at least for 2.1 and maybe 3 if we have time.

8 Likes

Given the security implications, we definitely need to prioritize this for 2.1.

6 Likes

I don’t think this is possible from the Discourse side, the user can only revoke access via the site of the provider.

We can delete the record in twitter user info table to kill the mapping

2 Likes

That doesn’t do anything useful though, the mapping would just be recreated the next time the user logs in using Twitter again .

1 Like

Not really the case, twitter do not give us emails.

Also, say you want to associate a different github or google account to your account, eg stop using @gmail.com and start using @discourse.org? What if you want a routing email address like sam+test@gmail.com.

Also, it could be useful to know whether you have a password stored locally. With the ownCloud incident, I was pretty sure that I hadn’t given them a password, so wasn’t concerned that the password database had been comprised, but there was no way to know. (and it would have been a unique password anyway).

1 Like

Twitter does give emails now as I understand it. This changed a while ago.

4 Likes

To be clear, this feature was added in Discourse 2.1 @dmr83457 so have a look at your preferences page :wink:

2 Likes