GDPR / Cookies

Hi @flizzywp

Nextend Social Login offer tools to make itself GDPR Compilant, but actually it depends on your settings.
This means, you need to have a Privacy Policy which includes what user details your site gathers from the user and why?

The stored user details will be also included in the export generated by WordPress’ “Export Personal data” tool. So your users will be able to check their stored information.

If you would like to know more about Nextend Social Login and GDPR please check the documentation below:
https://nextendweb.com/nextend-social-login-docs/gdpr/

Cookie:
Yes, a cookie is set for flagging the user as logged in user.

Best regards,
Laszlo.

Thank you for your answer. I just read that article!

From what I see, there are no cookies from these external sites stored on the users’ computer, at least not on my website, is that correct?

So when a user goes through the registration/login process, comes back to my website and checks what cookies are set, there are only the normal WP login cookies and nothing related to Facebook, Twitter etc.?

Hi @flizzywp

We set a cookie for session handling. Once the user logged in, this cookie will be destroyed and the default WordPress cookie will be set instead. We won’t set cookies other than this.

This because we are handling the registration and login via the OAuth2 Protocol:
https://oauth.net/2/
which grants an Access Token that your server can use, to make certain requests in the name of the user ( what the user gave his/her permission for ), for example get the id, first name, last name, avatar and this helps Nextend Social Login to identify the associated WordPress account on your site.

Ps.:
Providers will most likely set cookies on their own site for identifying logged in users, but not on yours.

• This reply was modified 6 years, 1 month ago by Laszlo.

Ok, thank you for the detailed explanation!

Hi @flizzywp

I am glad I could help!

I mark this topic as resolved.

Best regards,
Laszlo.

Sorry, I have one more question for clarification:

After the user created an account, is there any connection between his account on my website and his social account? I don’t only mean http-wise, I mean is there any form of communication between them?
Or does it basically just use his data to create an account on my site and then cut the connection?

Hi @flizzywp!

The only connection between the social provider and your website will be during registration and login. With the registration we are asking down the user data to store it just like a regular WordPress user’s datas. Then with the logins we are asking down the user data to check if it is the same user. Besides this there won’t be any communication between the website and the social provider.

Thank you, that’s great! It makes it really uncomplicated to implement in a GDPR compliant way.

Could you tell me how the social login later recognizes what WP account the social account belongs to if the user logs in again?

Hi @flizzywp

On a successful registration / link action, we store a link between the WordPress account – the provider identifier – and the user identifier provided by the social provider. It is stored in the <wp_preffix>social_users table.

On each login your server communicates with the social provider over the social App you created for Nextend Social Login and after the authentication was successful the user details will be retrieved what Nextend Social Login can use to check if there is a match.

• This reply was modified 6 years, 1 month ago by Laszlo.