• Resolved stevemoretz

    (@stevemoretz)


    Well, let me clarify: let’s assume we have a multilingual website. This website has multiple languages and its language format setting in WPML is set to directory format, e.g. example.com/en example.com/de and …

    So when setting up a provider which only supports one callback URL per client info, such as GitHub, there is literally no way to get it working now on all the languages.

    Now, well, it’s not exactly your fault; GitHub should add support for it, but that means that, at least until they do, on a multilingual website or any website that needs that, those providers are useless.

    I’m a software engineer myself, and I have seen this situation in other places, such as social logins in mobile applications.

    I suggest you add a filter which lets us pass in different credentials in different conditions for each provider.

    Please consider that this issue isn’t only about multilingual websites. I also use your great plugin for my API, and the API needs its own callback URLs, so it’s not just a request to add more support only for WPML and be done. Please consider adding the filter I described above to make this process flexible for everything.

    Thank you so much.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support Laszlo

    (@laszloszalvak)

    Hi @stevemoretz

    We are aware of this limitation, but using a second App will cause other problems in certain cases, as some Apps return App Scoped User IDs.
    In short, an App Scoped User ID is an ID that is unique only in the App that returned the ID.

    What does this mean in your case?
    Here is an example with Facebook:
    Let’s say a user registered with Facebook App1. Facebook App1 returned this as User ID:

    • abc123

    Then you override the Client ID and Secret with the credentials of Facebook App2.
    When the same user tries to connect over App2, it will return this User ID:

    • xyz456

    Nextend Social Login will see this as a completely different Facebook account, and even if the email address matches, we will see that the WordPress account already has another Facebook account of the same kind linked, so the login will fail.

    Replacing the App could also create a security issue since, as I mentioned above, the 2 different Apps can return 2 completely different IDs for the same user. So there is a small chance that another user gets the same ID that was another user’s ID in the 1st App, and that could let the person log in to the account of somebody else, if there is a WordPress account already linked with that social media ID.

    I see that in cases where different Apps return the same user ID for the same user, it won’t cause a problem. So I will discuss this topic with our Senior Developer, whether we could add filters in those cases where the App allows entering only a single Callback URL and the different Apps return the same user IDs.

    But the Free version is actually not affected by this problem, as the App of all 3 free providers allows you to enter multiple Callback URLs.

    The GitHub provider that you are referring to is available only with the Pro Addon and, as per forum rules, commercial products cannot be supported in these forums. So if you would like to continue this topic, then please get in touch with us directly over the ticket system:

    Best regards,
    Laszlo.
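
The two failure modes described in the reply above, modelled as an added example that is not part of the thread and is not Nextend Social Login's code. `LinkStore`, `replay`, the `client_id` values, and the accounts other than the `abc123`/`xyz456` IDs are constructed for illustration; storing the app's client ID as part of the link key is an assumed mitigation, shown next to the unscoped lookup.

```python
# Added illustration; LinkStore and replay are hypothetical names, not plugin code.
class LinkStore:
    """Maps social identities to local account names."""

    def __init__(self, scope_by_app):
        self.scope_by_app = scope_by_app  # True: the app's client ID is part of the key
        self.links = {}                   # identity key -> local account
        self.emails = {}                  # email -> local account

    def _key(self, provider, client_id, user_id):
        if self.scope_by_app:
            return (provider, client_id, user_id)
        return (provider, user_id)

    def register(self, provider, client_id, user_id, email, account):
        self.links[self._key(provider, client_id, user_id)] = account
        self.emails[email] = account

    def login(self, provider, client_id, user_id, email):
        """Return (outcome, account) for one social login attempt."""
        account = self.links.get(self._key(provider, client_id, user_id))
        if account is not None:
            return ("logged_in", account)
        owner = self.emails.get(email)
        if owner is not None and any(
            k[0] == provider and a == owner for k, a in self.links.items()
        ):
            # Email matches, but the account already has a link of this kind.
            return ("refused_already_linked", owner)
        return ("unknown_identity", None)


def replay(scope_by_app):
    """Constructed scenario: two users register via App1, then the site switches to App2."""
    store = LinkStore(scope_by_app)
    store.register("facebook", "app1", "abc123", "alice@example.com", "alice")
    store.register("facebook", "app1", "def789", "bob@example.com", "bob")
    # Alice returns through App2, which issues her a different app-scoped ID.
    alice = store.login("facebook", "app2", "xyz456", "alice@example.com")
    # Carol is new; App2 happens to issue her the ID that App1 gave Bob.
    carol = store.login("facebook", "app2", "def789", "carol@example.com")
    return alice, carol
```

With `scope_by_app=False` the colliding ID resolves to Bob's account; with `scope_by_app=True` it is treated as an unknown identity, while Alice's login is refused in both modes because her account still carries the App1 link.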

    Thread Starter stevemoretz

    (@stevemoretz)

    That’s some deeper thinking which I didn’t do.
    Sorry, sounds like my request doesn’t make much sense.

    Plugin Support Laszlo

    (@laszloszalvak)

    Hi @stevemoretz

    Actually, we made some tests and introduced some provider-specific filters for Client ID and Secret overrides in cases where it won’t cause problems.
    Our senior developer hasn’t merged these changes yet, but if you could get in touch with us over the ticket system:

    then we could send you an updated installer next week, once the changes are merged. Also I will give you some more information about the filters.

    Best regards,
    Laszlo.

  • The topic ‘Providers with single callback not considered’ is closed to new replies.