Possible to show users what platforms are linked to their account?

(Daniel Roberts) #1

We are considering building out some functionality around tools which may require the user to have their discourse account linked to one or more platforms.

I have logged into meta.discourse with various social media logins however I’m not seeing an indicator that my user account is linked to those platforms.

Is there currently a way to show users what platforms their account is linked to and provide a way to link to one they are not currently linked to?

Add Social Account on User Profile (Coming Soon)
Discourse Version 2.1
(Jeff Atwood) #2

This is visible to staff / admins but not users. I tend to agree it would be good to show this to users on their prefs page for security reasons if nothing else cc @sam.

(Sam Saffron) #3

I have discussed this with @tgxworld in the past. This is something I want and will schedule for the next release.

The pain points I see now with social are:

  1. You can not see which social accounts you have enabled
  2. You can not revoke a social account
  3. You can not attach to an extra social account (unless it returns trusted email - which is not always the case)

So I would like to see 1 and 2 happen at least for 2.1 and maybe 3 if we have time.

(Jeff Atwood) #4

Given the security implications, we definitely need to prioritize this for 2.1.

(Alan Tan) #6

I don’t think this is possible from the Discourse side, the user can only revoke access via the site of the provider.

(Sam Saffron) #7

We can delete the record in twitter user info table to kill the mapping

(Alan Tan) #8

That doesn’t do anything useful though, the mapping would just be recreated the next time the user logs in using Twitter again .

(Sam Saffron) #9

Not really the case, twitter do not give us emails.

Also, say you want to associate a different github or google account to your account, eg stop using @gmail.com and start using @discourse.org? What if you want a routing email address like sam+test@gmail.com.

(Jay Pfaffman) #10

Also, it could be useful to know whether you have a password stored locally. With the ownCloud incident, I was pretty sure that I hadn’t given them a password, so wasn’t concerned that the password database had been comprised, but there was no way to know. (and it would have been a unique password anyway).

(Jeff Atwood) #11

Twitter does give emails now as I understand it. This changed a while ago.

(David Taylor) #13

(Jeff Atwood) #14

To be clear, this feature was added in Discourse 2.1 @dmr83457 so have a look at your preferences page :wink: