For some reason Google OAuth2 can sign up into the same user with different Gmail emails
Sometimes, when a user signs up for my service with his Gmail account and then signs up with his G Suite account, both emails create a record in the UserSocialAuth model, but for the same Django User. Can someone help me understand why this happens and how to avoid it? I need both Gmail accounts to have separate Django accounts.
SOCIAL_AUTH_PIPELINE = [
'social_core.pipeline.social_auth.social_details',
'social_core.pipeline.social_auth.social_uid',
'social_core.pipeline.social_auth.auth_allowed',
'social_core.pipeline.social_auth.social_user',
# request consent if no refresh_token
'contrib.pipelines.redirect_if_no_refresh_token',
'social_core.pipeline.user.get_username',
# http://python-social-auth.readthedocs.io/en/latest/use_cases.html#associate-users-by-email
'social_core.pipeline.social_auth.associate_by_email',
'social_core.pipeline.user.create_user',
'social_core.pipeline.social_auth.associate_user',
'social_core.pipeline.social_auth.load_extra_data',
'social_core.pipeline.user.user_details',
'contrib.pipelines.get_avatar',
# create default data for user
'contrib.pipelines.dummy_data.create',
]
Here is how it looks in my DB:
In [7]: for uu in UserSocialAuth.objects.filter(user__email='me@mydomain.com').values():
...: print(uu)
...:
{'user_id': 133, 'uid': 'me@mydomain.com', 'provider': 'google-oauth2', 'id': 125, 'extra_data': {'auth_time': 1523347209, 'access_token': '...', 'expires': 3600, 'token_type': 'Bearer', 'refresh_token': '...'}}
{'user_id': 133, 'uid': 'me@gmail.com', 'provider': 'google-oauth2', 'id': 401, 'extra_data': {'auth_time': 1522379769, 'access_token': '...', 'expires': 3598, 'token_type': 'Bearer'}}
Top GitHub Comments
@imomaliev, if the user doesn't log out from your app and then proceeds to log in with the second G Suite account, then the new social account is associated to the currently logged-in user. If you want to enforce separate accounts, then you need to make sure that no user is currently logged in on your site.
@imomaliev, yes, it can be implemented on a single framework, but for these kinds of features that have such an impact on the user experience, I prefer to have them implemented on each supported framework, or at least have the corresponding placeholders in the codebase for them to be implemented at some point or for the developer to extend with the desired functionality.
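The behaviour the maintainer describes (a new Google uid arriving while a session is still logged in gets linked to that session's user, which is exactly what the two UserSocialAuth rows with user_id 133 show) can be reproduced and guarded against without a database. The following is an added example, not code from the issue or from python-social-auth: it simulates the pipeline dispatch in memory, with a `store` parameter standing in for the backend/strategy keyword arguments that real pipeline functions receive, and adds a hypothetical step `require_anonymous_for_new_association` placed before `create_user`. Real social_core pipeline steps use the same convention this simulation copies: a step returns a dict to update the keyword arguments passed to the later steps, or None to leave them unchanged.

```python
"""Added example (not from the issue or from python-social-auth).

In-memory simulation of the pipeline steps relevant to the report: why a
second Google login in a still-logged-in session is attached to the existing
user, and a guard step that forces a separate account instead.
"""
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class User:
    id: int
    email: str


@dataclass
class SocialAuth:            # stand-in for UserSocialAuth rows
    provider: str
    uid: str
    user: User


@dataclass
class Store:                 # stand-in for the User / UserSocialAuth tables
    users: List[User] = field(default_factory=list)
    socials: List[SocialAuth] = field(default_factory=list)

    def social_for(self, provider: str, uid: str) -> Optional[SocialAuth]:
        return next((s for s in self.socials
                     if s.provider == provider and s.uid == uid), None)

    def create_user(self, email: str) -> User:
        user = User(id=len(self.users) + 1, email=email)
        self.users.append(user)
        return user


# --- pipeline steps: keyword arguments in, dict (or None) out ---

def social_user(store, provider, uid, user=None, **kwargs):
    """If this uid is already linked, use its user; otherwise keep the logged-in user."""
    social = store.social_for(provider, uid)
    if social is not None:
        user = social.user
    return {'social': social, 'user': user, 'is_new': social is None}


def require_anonymous_for_new_association(store, provider, uid, user=None,
                                          social=None, **kwargs):
    """Hypothetical guard (assumption): a brand-new uid must never be attached
    to whoever happens to be logged in. Dropping `user` makes the later
    create_user step mint a fresh account for it."""
    if social is None and user is not None:
        return {'user': None}
    return None


def create_user(store, provider, uid, details, user=None, **kwargs):
    if user is not None:
        return None
    return {'user': store.create_user(details['email']), 'is_new': True}


def associate_user(store, provider, uid, user, social=None, **kwargs):
    if social is None:
        social = SocialAuth(provider, uid, user)
        store.socials.append(social)
    return {'social': social}


def run_pipeline(store, pipeline, **kwargs):
    """Dispatch like the pipeline runner: each step's dict result updates the kwargs."""
    out = dict(kwargs)
    for step in pipeline:
        out.update(step(store, **out) or {})
    return out


def demo(with_guard: bool):
    """Returns (user id after 1st login, user id after 2nd login, total users)."""
    store = Store()
    pipeline = [social_user, create_user, associate_user]
    if with_guard:
        pipeline.insert(1, require_anonymous_for_new_association)
    # Constructed inputs: first the G Suite account with nobody logged in ...
    first = run_pipeline(store, pipeline, provider='google-oauth2',
                         uid='me@mydomain.com',
                         details={'email': 'me@mydomain.com'}, user=None)
    # ... then the Gmail account from the same, still-logged-in session.
    second = run_pipeline(store, pipeline, provider='google-oauth2',
                          uid='me@gmail.com',
                          details={'email': 'me@gmail.com'}, user=first['user'])
    return first['user'].id, second['user'].id, len(store.users)


if __name__ == '__main__':
    print('without guard:', demo(with_guard=False))   # both uids on user 1
    print('with guard:   ', demo(with_guard=True))    # second uid gets user 2
```

Without the guard the run ends with two SocialAuth records pointing at one user, mirroring the issue's DB dump; with it, the second login gets its own account. Nulling `user` is only one possible reaction: the guard could equally return a redirect to a logout URL, which matches the maintainer's advice of making sure nobody is logged in before the second Google login starts. Either way the step belongs before `associate_by_email` and `create_user` in SOCIAL_AUTH_PIPELINE.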