https://supertokens.com/ logo
Channels
Powered by
e

EdwinN1337

06/02/2022, 12:06 PM
Hello 🙂 Is it possible to request password, or use the email/password login, when initial registered with third party I was checking https://github.com/supertokens/supertokens-auth-react/blob/master/examples/with-thirdpartyemailpassword-passwordless/api-server/accountLinkingMap.js But this is not what we want. Basically, what we want is a user that registered by third party, request/reset password and login by email
r

rp

06/02/2022, 12:19 PM
hey @EdwinN1337
It is possible, but you will need to implement account linking as shown in the demo app above. We are also working on the account linking feature so that so many customisations do not have to be made, but until then, you will have to do this yourself.
e

EdwinN1337

06/02/2022, 12:25 PM
It's not really linking, it's using multiple login options... When registered with a thirdparty / the email is unique in our own database. So we wan't to give them the option to also login with email/password. Since they havent filled in a password, they would request lost pass... But that doesnt work when registered as third party
r

rp

06/02/2022, 12:26 PM
So if you don't give them the option to login via email password, then why ask them to set a password?
e

EdwinN1337

06/02/2022, 12:26 PM
We are, giving the option 😉
third party or email/password
r

rp

06/02/2022, 12:27 PM
hmm. So if they login with email password later, then you need to resolve the same user ID correct?
e

EdwinN1337

06/02/2022, 12:27 PM
correct
r

rp

06/02/2022, 12:27 PM
that is account linking.
What I would recommend is to disallow a user to login via email password if they have logged in with third party. You can show them a message saying "email already exists" if they are trying to sign up with email password, and if they try to login, it will just tell them incorrect credentials. If they try and reset the password, you can show them an error saying to sign in via social login (since they did that before)
the only other way is to implement account linking, which can be quite complex and have lots of security issues if not done correctly.
e

EdwinN1337

06/02/2022, 12:34 PM
Right! Guess we will go for that
It has alot of edge cases havent thought of
thanks!
Also easier to implement
r

rp

06/02/2022, 12:35 PM
Yup! Please feel free to ask questions if you are stuck on how to go about doing the customisations.
e

EdwinN1337

06/02/2022, 12:35 PM
Will do! 👍
Copy code
js
              generatePasswordResetTokenPOST: async (input) => {
                const response = await oI.generatePasswordResetTokenPOST(input)

                return response
              },
We can only return 
status: 'OK'
, which API should I override to provide extra feedback
when calling 
/api/auth/user/password/reset/token
, {`
r

rp

06/02/2022, 1:13 PM
You can throw an error from this API, and it will show up in your app's error handler. Then you can send any message to the frontend.
2 Views
Powered by