hey a few questions please! - 1) if i have users w...
# support-questions-legacy
m
hey a few questions please!
1) if i have users who both have passwords and social login in my db and i migrate them, do I simply just call both http://localhost:3567/recipe/signinup and http://localhost:3567/recipe/user/passwordhash/import using the same email address? it doesn't seem to be mapping to same user id for me, is it because i didnt activate account linking? https://supertokens.com/docs/thirdparty/common-customizations/account-linking/overview
2) If account linking is needed how much would that cost with self-hosted service? i think this is a paid add-on
3) is it a must for me to have the frontend sdk for me to implement supertokens social login? can we just do the third-party migration step and manually call the endpoint?
r
hey @mighty_g10
1) that is correct. You need to enable automatic account linking in the core for this. See the manual account linking page here which would be useful during migration: https://supertokens.com/docs/thirdparty/common-customizations/account-linking/manual-account-linking
2) It's there in our pricing page. It's $100 / mo for < 10k MAU, else it's $0.01 per MAU after that
3) you don't need to use our SDK. However, then you have to manually manage session tokens as mentioned here: https://supertokens.com/docs/session/quick-setup/handling-session-tokens#if-not-using-our-frontend-sdk
m
would it make sense to save both the supertokens id one from migrated emailpassword and another from the migrated thirdparty instead in our db as a workaround?
r
That wouldn’t really achieve account linking. It would be two distinct users in that case
What kind of MAU volume are you looking at?
m
over 400-500k so its a bit steep
r
Right. That’s in our bulk pricing. Open to have a discussion about this to come up with a pricing that works for both of us
m
yeah i guess its more of linking the 2 supertoken ids in our db with our existing user id so that we can reverse map it when we need to know the user id. this way we can achieve both login of user in social and email
r
That may introduce security issues!
And the user management dashboard we have would show them as 2 different users.
And some flows like users wanting to implicitly create an email password account if they have a social account via password reset flow won’t work
m
ohh i see. curious, what security issues could we possibly face with this workaround? and what did u mean in the other message - do u mean like if they choose to add a password when they first initialized their account with a social login?
r
Have a look at this page for security considerations: https://supertokens.com/docs/thirdparty/common-customizations/account-linking/security-considerations
A lot of them would not get checked by supertokens if you don't enable account linking on our end and do it yourself.
you of course have the option to manually implement them yourself too if you want.
> and what did u mean in the other message - do u mean like if they choose to add a password when they first initialized their account with a social login?

So lets say a user has a google account, and then next time, they try email password login cause they thought they had that. It would show them wrong credentials error cause there is no email password login for them. So if they try doing a password reset flow then, it would implicitly create and link the email password account with their existing google account if account linking is enabled on supertokens. Otherwise, it would not send them a password reset email at all.
m
> So lets say a user has a google account, and then next time, they try email password login cause they thought they had that. It would show them wrong credentials error cause there is no email password login for them.

oh okay would this still be an issue if i created two accounts with the same email? like calling the two endpoints http://localhost:3567/recipe/signinup and http://localhost:3567/recipe/user/passwordhash/import
r
not really. That would allow it cause it's like an admin endpoint. Whereas the user facing endpoint might behave differently.
m
im sorry may u elaborate further? im thinking if we create 2 accounts (1 social and 1 email/password with the same email), then shouldnt be an issue for them since theyll be able to login into both?
r
oh yea, but what about new users for whom you want to link accounts too?
m
oh right so if they have an existing email password and they want to login with their socials? i was thinking if "account linking" would be handled in our db: a field for the email password supertokens id and another for the thirdparty supertokens id in the existing user document/data
r
you could theoretically do that, but then you would have to implement the safeguards for the security cases yourself
m
these ones specifically right?
r
yup
m
For 3, I have @abacritt/angularx-social-login on my angular app already to handle social logins. Do I need to remove that package and rely on these (screenshots) to be able to login via the backend SDK?
r
Not necessarily. I assume that that lib gives you the ID token of the user. Right?
m
Sorry for the late reply. Yes idToken is part of the return type upon signing in with the lib
not sure how to go about this one, been reading the docs but im a bit confused how to do social login with my current setup - hope i can get some help!
r
See the custom UI section -> mobile code tabs. You will see which APIs to call with the idToken
Or authCode
You can even see which api to call here: supertokens.com/docs/fdi. See the third party section
m
Ah yep saw that too, was just gonna update. It seems this is for pkce though
So this is what im referring to
i assume code under redirectUriQueryParams is the authcode
r
Yes
You can even just pass in idToken as well
See the schema tab in the swagger spec