
Login with Facebook of an existing username in Kinvey's user collection leads to duplicated usernames

If you created a username with a password, then a user is created in the user collection. Then if you log out and use Facebook, whose email is also, to log in (with Facebook), you actually created another user whose username is also This is a violation of unique username. Then many errors will follow...

A possible solution for programmers is like the following: we first log in with Facebook, then with the Facebook token we log in to Kinvey, and check if the username (email) is empty.

If the email is not empty, then this is not a new account. Nothing is wrong.

If the email is empty, then this is a new account. Then we get the email from the Facebook account, and check if the username in Kinvey exists using [KCSUser checkUsername:strEmail withCompletionBlock]. If it exists, then we have a problem because we have two accounts with the same email (as username). Then we have to log out of Facebook, remove this account from Kinvey, clear all saved credentials, and return a login error.

Is it possible that Kinvey SDK provides another function to combine a Facebook token to an existing account? So far we only have one function for Facebook login, which is [KCSUser loginWithSocialIdentity:KCSSocialIDFacebook accessDictionary:@{ KCSUserAccessTokenKey : accessToken} withCompletionBlock:^(KCSUser *user, NSError *errorOrNil, KCSUserActionResult result) {    }].
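
The check-and-roll-back flow proposed in the post above, modelled against an in-memory user collection. This is an added example, not part of the original post and not Kinvey SDK code; `UserStore`, `facebook_login` and the sample values are hypothetical, and the case-insensitive comparison is an assumption.

```python
import uuid

class UserStore:
    """Constructed stand-in for a backend user collection (not the Kinvey API)."""
    def __init__(self):
        self.users = {}  # _id -> {"username", "email", "facebook_id"}

    def _create(self, **fields):
        uid = str(uuid.uuid4())
        self.users[uid] = fields
        return uid

    def signup(self, email):
        # Email/password sign-up: the email doubles as the username.
        return self._create(username=email, email=email, facebook_id=None)

    def social_login(self, facebook_id):
        # Known Facebook identity: return its user. Otherwise create a fresh
        # user with a generated username and no email yet.
        for uid, user in self.users.items():
            if user["facebook_id"] == facebook_id:
                return uid
        return self._create(username=str(uuid.uuid4()), email=None,
                            facebook_id=facebook_id)

    def email_in_use(self, email, exclude=None):
        # True if another user already holds this value as username or email.
        wanted = email.lower()  # assumption: compare case-insensitively
        for uid, user in self.users.items():
            held = {(user["username"] or "").lower(), (user["email"] or "").lower()}
            if uid != exclude and wanted in held:
                return True
        return False

def facebook_login(store, facebook_id, facebook_email):
    """Return (user_id, None) on success, or (None, reason) after a roll-back."""
    uid = store.social_login(facebook_id)
    user = store.users[uid]
    if user["email"]:
        return uid, None  # email already set: not a new account
    if store.email_in_use(facebook_email, exclude=uid):
        del store.users[uid]  # remove the duplicate that was just created
        return None, "email-already-registered"
    user["email"] = facebook_email  # no clash, safe to sync the email
    return uid, None
```
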

Hello Yonghui,

I spoke with our iOS engineer about this to double check and I don't think that your assertion here is correct.

When you create a login via email address it would save the email address and create a user (as you would expect it to). When you authenticate via OAuth (Facebook in this case) you get a token and a UUID returned via Facebook. To my knowledge the user should be freshly created and should have no overlap with the existing user, as the username in our records would reflect the UUID.

Can you help me understand if this is different than what you are describing?


What you said is definitely right. But that is not my question. 

Consider this case: Bob has a Facebook account:  

Then Bob wants to sign up in a Kinvey app, he signs up with his email, This is totally fine, right?

The next time Bob wants to log in, he forgot his email, which is his username. So he decided to log in with Facebook, then he created another user with OAuth (Facebook in this case). Note that the new account only has a Facebook token and user_id.

Now the question is this: if this Kinvey app wants to sync information with Facebook, it can fetch information from Facebook. Then it gets the email, And use -[KCSUser saveWithCompletionBlock:] to save this email. Then we have two accounts in the backend having the same email.

I suggest Kinvey check the method of Parse (another mBaaS company), which uses a link method to link a Facebook id to the current user.

Hrm, this is an interesting point that you bring up, I'll mention it to the backend team.

