User became disassociated with their Twitter login

Hi,

Just wondering if someone could advise on this one.

We had a user who registered and seemingly wired up (we think) their Twitter account. They managed to post and earned some badges, updated their profile. All good. A couple of days later they were unable to log in.

Having done a little digging it would seem on their account (Discourse) the “Logins” field is blank, e.g. doesn’t say “Twitter(RobMeade)” etc.

The email address field is populated and validated.

Our hosted solution is configured only for social logins (Facebook, Twitter, GitHub and Google).

They have confirmed the app is listed under Twitter / Settings / Apps etc.

What I cannot work out is how either the account became dis-associated with the Twitter account, or, if it wasn’t ever associated, how they posted?

Also - is there any way of resolving this without having to delete the user (Discourse) and get them to register again? I can’t see any admin options to associate the social account, and when they click on the Login button on Discourse, even when choosing Twitter they are then given the Create an Account modal window.

Any help on this one would be really appreciated - I can provide specific details for our hosted solution / member if it is of use - I’m guessing you can perhaps see some details behind the scenes (I did check logs and stuff but haven’t found a way to resolve yet).

Thanks in advance,

Rob

If they log in with any social account that provides email (Facebook, Google, GitHub) they should log into the old account.

1 Like

Hi @Falco, thanks for such a quick response.

When you say “should log into the old account” - do you mean on Discourse? Or on the social platform (in this case Twitter)? And at what stage? Before logging into Discourse for example?

He has provided screenshots of what happens when he tries to log in - takes him to the Create an Account modal each time.


Further thought…

If they created their account on Discourse, and had associated their Twitter account, but then later updated their email address under the Preferences on Discourse, would this break the association? If so… would setting it back to the original email address re-associate it?

Let’s say his Discourse account has the user@domain.com email associated.

If he tries to log into Discourse using, let’s say, Facebook, and on Facebook he uses the same user@domain.com email, he will log into his old Discourse account just fine.

1 Like

So, chances are then the issue of him perhaps changing his email address could have caused this? e.g. changing his email address after he had associated the account to Twitter, to something that isn’t set up on his Twitter account.

Sorry, that read really badly… I will try again!

So… if he set up his account on Discourse using user@domain.com, associated the account with Twitter which also uses user@domain.com but then later changes his preferences on Discourse, and sets his email address to another_user@domain.com - this would break the association?

I believe that we had a window where accounts created with Twitter had a problem, so they miss some info that links a Twitter and a Discourse account. This bug is now fixed, but an account that only logged in during this window can be affected. Please PM me the details so I can take a look.

But the user can still log in using any other social method and it should work. Twitter is special in the sense that they don’t provide emails.

Twitter is special in the sense that they don’t provide emails.

Oh right… ok I will PM you the details…

I did set up a test account for myself and have been trying to break it but I haven’t been able to replicate whatever the user did - I always seem to end up being able to log back in! PM details now - thank you! :slight_smile:

That’s no longer true @falco as of 2016 and later Twitter does provide email at login.

1 Like

Does that mean if the user changes their email address after using a different email address on the social account it may break the link then Jeff?

Sorry I am not following your question? Can you provide step by step of what you are describing?

Sorry Jeff… sure, I will try again :slight_smile:

So, if I have a Twitter account and my registered email address there is user@domain.com and I then come to the Discourse forum and choose Twitter as my preferred social login, presumably, the email address entered on the Create a New Account screen has to match?

Assuming so, and this is part of the association between the two systems, if I later update my email address within the Preferences page in Discourse to say another_user@domain.com (e.g. a different email address to the one used on my Twitter account) - will this dis-associate / break the link between the Discourse account and the Twitter social login?

Displaying then nothing under the “Logins” section of the users account within Discourse, e.g.

… erm, I just went to visit the user having the difficulty with this only to find it now says “Twitter(their username)” next to Logins…

lol… just received a message from @Falco also, so I think it may be fixed!

Your Discourse email will be set at the time of account creation to the value that is currently used for that social login that you used to create your account.

It’s indeterminate what happens if you

  1. sign up with a social login (not add a log in*, sign up with)
  2. later change your email on the social login side.

I do know that:

  • The association is definitely not broken between the accounts as we store a unique provider specific key
  • Your Discourse email is obviously unchanged

Any comments on this case @sam?

* Since the launch of Discourse in 2013, you’ve always been able to add any login method that maps to the exact same email address.

It’s quite odd, @Falco has configured it for us behind the scenes and I will get the user to try to log in, I’m sure it will be ok now.

As far as I can see we are only accepting social logins, as such, without one I don’t see how the user could have posted (the one post) which he made before he had these issues without having the associated login. That leads me to assume that something happened after that post to his account but admittedly I have been assuming at the Discourse end, e.g. perhaps he changed his email address. I hadn’t considered he may have done this at the Twitter end, but looking at the usernames in question, and the email address I wouldn’t have thought so, as they all seem the same.

Just out of interest, as this was something I couldn’t see as a user on Discourse, where you mention Jeff about “(not add a log in*, sign up with)”, where do you actually “add” them as a user? Or is the “adding” done behind the scenes when you click on “Log In” and then select any one of the social platforms (e.g. Google, Twitter etc), as this was something I thought I may have been able to do for the user, and/or remove.

Not something I’m overly familiar with as from day one I think I just hit Google and haven’t ever worried about it since as it just worked! :slight_smile:

Correct as far as “add login method”, that is how. Log in with anything that maps to the same verified email address.

Ok cool - beginning to understand more - thanks! :slight_smile:

So, that makes it feel like maybe it was an email address change at the social end then, I can ask the question obviously and see what comes back.

I think I will test this myself also for peace of mind. I’m trying to ascertain what may have happened so that should it happen again (probably not until enough time has passed for me to forget!) we can deal with it, hopefully, without having to trouble you :slight_smile:


08/03/2017 @ 09:42

Just as an update - the user has confirmed that they can now access the forum via the Twitter login - thanks @Falco for re-associating.

The user also confirmed that they had not changed their email address (at either end), as such I am at a bit of a loss as to what could have happened… thoughts / suggestions welcome, but happy to wait and see if it occurs again in the future.

2 Likes

As a general rule all our auth providers do not update emails on the Discourse side when for some reason it changes on the auth provider side. This is technically possible but there is no right answer as to what should be done.

2 Likes

@david does your recent work here address this?

There is much more visibility around associating accounts, but what @sam said is still true

The only exception to that is when you enable specific settings on the OIDC or OAuth plugins.

4 Likes
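
An added illustration of the lookup order described in this thread; it is not Discourse's code and was not posted by any participant. It models a stored provider-specific key that wins over email, a fallback that adds a login method only on a verified email match, and the "Create an Account" outcome when the key is missing and the provider supplies no email. `AccountResolver`, its methods and the auth hash fields are hypothetical names.

```ruby
# Illustrative model only: all names here are assumptions, not Discourse internals.
User = Struct.new(:id, :email)

class AccountResolver
  def initialize
    @users = {}         # user id => User
    @associations = {}  # [provider, provider_uid] => user id
  end

  def add_user(id, email)
    @users[id] = User.new(id, email.downcase)
  end

  def associate(provider, uid, user_id)
    @associations[[provider, uid]] = user_id
  end

  def drop_association(provider, uid)
    @associations.delete([provider, uid])
  end

  # auth: { provider:, uid:, email:, email_verified: } as asserted by the provider
  def resolve(auth)
    key = [auth[:provider], auth[:uid]]
    # 1. A stored provider-specific key decides, whatever the email is today.
    if (id = @associations[key])
      return [:logged_in, id]
    end
    # 2. No stored key: add this login method only on a verified email match.
    email = auth[:email]&.downcase
    if email && auth[:email_verified]
      user = @users.values.find { |u| u.email == email }
      if user
        @associations[key] = user.id
        return [:linked_by_email, user.id]
      end
    end
    # 3. Nothing to match on: the visitor is offered account creation.
    [:create_account, nil]
  end
end

if __FILE__ == $PROGRAM_NAME
  demo = AccountResolver.new            # constructed sample data
  demo.add_user(1, "user@domain.com")
  # Missing association and no email from the provider => [:create_account, nil]
  p demo.resolve(provider: :twitter, uid: "tw-1001", email: nil, email_verified: false)
end
```

Refusing to link on an unverified email is the safeguard that matters here: without it, anyone who can get a provider to assert someone else's address would be attached to that person's forum account.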