Welcome to the Question2Answer Q&A. There's also a demo if you just want to try it out.
+8 votes
in Q2A Core by

I'm looking for some input on how to integrate Facebook Connect into Q2A. By extension the same approach will be used for other single-sign-on implementations in future. Here's what I am thinking at the moment - please let me know what you think:

  • To enable Facebook Connect, each installation of Q2A will need to sign up for a Facebook application ID and secret key. (This is inevitable.)
  • On Q2A sites with Facebook Connect enabled, if a user is not logged in, the Facebook Connect button appears on both the login and register pages.
  • Clicking this button will take a user to the usual Facebook confirmation, to allow the site to get access to the user's details.
  • When logging in for the first time via Facebook Connect, a new Q2A account will be created for the user, which is associated with their Facebook ID.
  • Each time a user logs in to Q2A via Facebook Connect, i.e. not only the first time, their Q2A account will be populated with the email and picture from their Facebook account. On their first login, their handle will also be set based on their name - if it's a duplicate of another user's, it will be transformed in some appropriate way to make it unique.
  • Users logged in via Facebook Connect cannot set their email manually via their account page, since anyway this will be updated from Facebook in future. They can however change their handle, and choose whether to show their Facebook avatar, or a different avatar instead.
  • A Q2A account associated with Facebook Connect can only be accessed via Facebook Connect, and not logged into another way.

Would love your input on whether this all makes sense.

related to an answer for: What are the additional features in 1.3?
You know, I really wished Facebook used OpenID instead of their own system.
Also, good luck! Facebook's API systems are notoriously convoluted and undocumented...
On second thoughts I think users who come via FB Connect should be able to modify their email as well. When they first sign in via FB, their email will be marked as confirmed (since Facebook requires this), but if they change it later in Q2A, they'll need to confirm it again the usual way.
Another change to the above. Because of how Facebook's Javascript API works, it made more sense to offer the Facebook login button alongside the standard Login/Register links at the top right, rather than only as an option on the login/register pages. And if a user logs in via Facebook, they will see the Facebook logout button in the top right, rather than the standard Q2A logout. This is necessitated by Facebook's terms and conditions.

3 Answers

0 votes
edited by

Seems to be very complete, only additional feature i can think about would be that a user could change somehow the account type, for the case that he does not longer wants to be a member of facebook.

Then, I am not sure, but when he cancels his permision for accessing his basic data, he somehow needs to be neutralized in the database, may be setting everything to anonymous.

Besides I allow me to recommend the http://thinkdiff.net/facebook/php-sdk-graph-api-base-facebook-connect-tutorial/ and http://thinkdiff.net/facebook/graph-api-javascript-base-facebook-connect-tutorial/ tutorials which seem to be well done.

Especially the discussion around could be of interest.


0 votes
I feel you covered all the points.
+3 votes
Everything seems fine except the final point. I would expect that users should be able to change their sign-in method if they want. For example they may delete their FB account, or change OpenID, or their provider may announce they are closing down. Also, anyone who has currently signed up with a regular account may want to switch to FB/OpenID.

For the login/register page, it would be nice to have something similar to Stack Overflow's page with links for Google, Yahoo, Facebook and so on.
OK, I see where you're coming from. I can allow users logged in via an external source to set a password via their 'My Account' page, and then they'll be able to also log in directly using their email/handle plus that password.

As for allowing users to add an external login later on, this will be supported by the database, but I don't think this version will get an interface for it.

Finally I'm planning to create a simple plug-in interface for external login methods, so that it will be easy to add other login methods via plug-ins. The first such plug-in will be for Facebook Connect.
Thank you for your great job and especially for plug-in interface. Hope you will explain how users can make their own login plug-ins and we will collect a library of them.
Great idea to have the same login features like stackoverflow, but I understand it correctly, that so we wont have facebook connect in the release You are actually working on ? If so, do You have any estimation when we could have the facebook connect ? Just to have an idea how to go on meanwhile.
Thanks monk333
Just to clarify, I do intend to implement Facebook Connect in the next release.
if you see it implemented here at the login excellent thanks gidgreen you the betsssss i waiting next release!!!
Yipiiiiiiee !! Testing the generously provided world best facebook feature.
Excellent, thank You so much, I wasnt sure what "next" finally means..
As I understand, a user could have two accounts, one only at q2a and one through facebook ? No problem for me, and once i quit facebook, i still have an account here. And, once a facebook user has changed his data it is not overwritten each time he enters through facebook. Very nice work !