#2362 - Facebook addon support for when members have a duplicated email address
| Identifier | #2362 |
|---|---|
| Issue type | Feature request or suggestion |
| Title | Facebook addon support for when members have a duplicated email address |
| Status | Closed (rejected) |
| Tags |
Type: External social media integration (custom) |
| Handling member | Chris Graham |
| Addon | General / Uncategorised |
| Description | Currently the addon supports associating an existing login with a new Facebook connection.
However, it does not support a similar case for guest users, where an account with that email address already exists. In such a case it should bind to that existing account. We should add a new privilege named "Facebook logins not trusted to associate" and document it. If the privilege is set on a group, a Facebook user with an email of a member in that group, cannot associate the account to Facebook if not logged in. They get an error message instead. This is an important security consideration because we cannot necessarily trust a Facebook account's email really is verified, or the account is not stolen - and we certainly don't want people to use FB as a vector to associate themselves onto an admin account. |
| Steps to reproduce | |
| Funded? | No |
The system will post a comment when this issue is modified (e.g., status changes). To be notified of this, click "Enable comment notifications".
Comments