How best to handle account name collisions?

Dave Cohen's picture

Here's another poll question for the DFF community...

If you're using Drupal for Facebook you're aware that it will create a Drupal account when facebook users use your app. You're also aware that it uses the facebook name for the drupal account name.

Trouble is, Drupal accounts need to be uniquely named, while facebook accounts do not. Also, your drupal install may already have a user with the same name as a facebook user.

So my question is, what should DFF do when it needs to create a user and the name is already taken? Note that it will not always be possible to prompt the user in these cases. So it's better for DFF to name the user in some way and give the user a chance to change the name later.

Possibilities include...

1) User John Doe gets "John Doe" if available. If not, they get "John Doe 2", "John Doe 3", etc...
2) User John Doe gets "123456789@facebook", where 123456789 is their facebook user id.
Note that option 2 could also have name collisions, if your drupal install hosts more than one app and you've checked the make account unique option. So a third option might be
3) User John Doe gets "123456789@myapp", where myapp is the label you specified when you created the Facebook Application node.

I'm leaning towards (2) or (3), the more I think about it. It makes the drupal account names less friendly. But, the code to generate the names is easy, and names can always be changed later, at a time when collision checking is easier. In a world where a drupal site might be generating users via facebook, opensocial and who knows how else, using human-readable names just doesn't seem like a good idea.

What do you think?
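The three naming options from the post above, as an added example that is not part of the original post and is not Drupal for Facebook code. The function names are hypothetical, and `$is_taken` is an assumed stand-in for a lookup against the Drupal users table.

```php
<?php
// Added example: hypothetical helper names, not DFF functions.

/** Option 1: "John Doe", then "John Doe 2", "John Doe 3", ... */
function example_name_with_suffix(string $fb_name, callable $is_taken, int $max_tries = 1000): string {
  if (!$is_taken($fb_name)) {
    return $fb_name;
  }
  for ($n = 2; $n <= $max_tries; $n++) {
    $candidate = $fb_name . ' ' . $n;
    if (!$is_taken($candidate)) {
      return $candidate;
    }
  }
  throw new RuntimeException("No free name found for '$fb_name'");
}

/** Options 2 and 3: "<facebook uid>@facebook" or "<facebook uid>@<app label>". */
function example_name_from_uid(string $fb_uid, string $app_label = 'facebook'): string {
  // Facebook user ids are numeric; reject anything else before it becomes a name.
  // Kept as a string so large ids are not truncated on 32-bit builds.
  if (!ctype_digit($fb_uid)) {
    throw new InvalidArgumentException('Facebook user id must be numeric');
  }
  return $fb_uid . '@' . $app_label;
}

// Constructed sample data: names already present on the Drupal site.
$existing = ['John Doe' => true, 'John Doe 2' => true];
$is_taken = function (string $name) use (&$existing): bool {
  return isset($existing[$name]);
};

// Two different Facebook users who both call themselves "John Doe".
foreach (['123456789', '987654321'] as $fb_uid) {
  // Option 1 depends on what is already in the table at creation time.
  $friendly = example_name_with_suffix('John Doe', $is_taken);
  $existing[$friendly] = true;  // simulate account creation
  // Option 3 depends only on the Facebook user id and the app label.
  $stable = example_name_from_uid($fb_uid, 'myapp');
  echo "$fb_uid: option 1 => $friendly, option 3 => $stable\n";
}
```

The check-then-create step in option 1 is not atomic, so the database's uniqueness rule on account names remains the backstop when two sign-ups arrive at once.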

I'm leaning toward 2

Hey man,

Great article! Finally one I understand. I think you should go with option nr 2. It is the simplest option of them all in my opinion.

What kind of Apps are you thinking about creating?

Inner Game | Seduction Community.

couple of comments

Couple of comments:

1. Fantastic initiative and great dev so far :)

2. You should either use
require_add
OR
require_login

Don't use the two together. If a user already added the application, that means they can be considered as logged in always, and the application can access their personal information even if the user is offline (highscores for example).

For integrating Drupal require_add is better

You can track when a user adds the app, and you can also track when a user uninstalls the app.

So there should be a couple of columns:
date installed
date uninstalled
currently installed (0 or 1)

You may not want to delete a user entirely from the db if they uninstall the app, as they might readd it later...

3. When a user adds the app, the first screen should prompt them to select a username, and that can handle the uniqueness verification.

4. Provide a link from the Drupal login box to the Facebook app page, saying "Login at Facebook" just like for OpenID.

5. If a user added the application, you can access their user info even off the Facebook canvas page via API and FQL calls, so the names of those who posted these comments could be seen at http://www.drupalforfacebook.org/ not just when you are looking at it through http://apps.facebook.com/drupalforfacebook/

6. My name is not Bubba as this post indicates.. :DD But Gyuri

That is my two cents :P

Will be closely monitoring this and help wherever I can as this module is fantastic.

why am i tagged as "bubba"?

as in the subject...

Dave Cohen's picture

Bubba is now "Facebook User"

This is a somewhat experimental feature of Drupal for Facebook. In Drupal, all registered users have the "registered user" role and anyone else has the "anonymous user" role. I thought for facebook it might be useful to have yet another role, for users who are logged into facebook, but not registered in the Drupal database. This site has this experimental feature enabled.

Anyone who logs in, but does not add the app, is treated as a special user, currently named "Facebook User". I think bubba showed up and edited the username. And by "logs in", I mean they login from their facebook account, not the Drupal login page.

As I said, this feature is not really robust. The facebook scheme of adding vs logging in is confusing enough. Perhaps I should disable this feature, but these sorts of problems can help me understand it better and improve the code.

Emails are unique

If we could identify users internally by email address and use their full name as a display item it might better match facebook's auth system.

Dave Cohen's picture

Would be nice, but you can't

Would be nice, but you can't learn the email address from facebook. The facebook IDs are just as unique, but not as user-friendly.

ask it?

It is technically required for each Drupal user, so why not ask for the user's email at registration-time? I am working on a site now that will be both a conventional site and a facebook app, and I'm forcing using the email as the username.

Usernames

I'm going to encourage my users to change their username as their submissions will be available on my site outside facebook as well. They might not want their actual name showing up for that. Therefore, I'd say either option 2 or 3 would help encourage them to change it to something they can remember and is anonymous.

What happens right now if 2 people with the exact same name add the app? Will it just error? Does it give them unique UIDs and the same name?

Dave Cohen's picture

If two people with the same

If two people with the same name install, you'll get a cryptic database related error. There's a fix in progress:
http://drupal.org/node/195586

Login Authentication?

If I may suggest as an option before generating a new user at all - it would be great if you have a website that you already have an account on to use that one.

The two options potentially presented to a user could be
* login to the Drupal site (much like LastFM or Flickr authentication might)
* generate a username as above, with potential to change name afterwards

In my humble opinion, option three (userid@app) looks the best from an admin point of view. I would even suggest "UserName1234@MyApp" to give it an extra bit of human readability?

Dave Cohen's picture

To Gener and Josh, Right

To Gener and Josh,

Right now, Drupal for Facebook makes no attempt to link an existing drupal account with a facebook account. It's obviously something that a lot of apps will want, but I'm not convinced all apps will want to do it the same way.

I imagine a process where a user adds an app, then the first page they see prompts them for a username and password, OR create a new account. If they provide a valid username and password, the accounts are linked, otherwise the new account is created. It will be a bit awkward because the user must add (or at least log into) the app, then they are immediately prompted to log in again.

Gener, I like the "UserName1234@MyApp" idea.

Sounds best for now.

This sounds like the best solution for now. If I understand correctly, you're proposing that the user who signs in from Facebook also logs in or creates a Drupal account, and the user who signs in from Drupal does the same on Facebook. Is that correct?

Or...

What happens if an existing drupal user (userabc) also uses your Facebook app, but their Facebook name is userxyz??

Dave Cohen's picture

Latest version handles this

In recent versions, you can specify a post-add URL which allows the user to login to an existing account.

In your example, the facebook user adds the app, then chooses to log in as userabc. When she provides the username and password, the facebook account (userxyz) is mapped to the local account (userabc).