Hey,
First of all, I am not sure if it is OK to offer both registration and login types, "fboauth and normal Drupal", at the same time. But I installed fboauth and I am testing it; the FB connect block is visible on all pages. I noticed this behaviour:
If I am in my browser or mobile webview and already logged in to FB (normal FB), and if I have an account with Drupal and assigned my FB account to it, then I log out as normal and log in with a different user with the "normal" Drupal login fields that still has no FB account assigned to the Drupal account, the FB connect button is now waiting for connect, and didn't log my user in from FB, which is correct because it is another user. But if I now click on FB connect, it will connect me to my FB account as normal, and then I log out directly (remember I am logged in to FB in another tab), then I click on the FB connect button, Drupal will log me in with the latest user I tried to log in to it, so it is overtaking it and I have to use the normal login fields to log in to my previous "real" user account. So am I doing it wrong? And should the FB connect button be hidden after login? I thought about allowing a user to connect to FB later after he/she is logged in.
Comments
Comment #0.0
aakkawi commented: added/edited: "on fb connect ,it will connect me to my fb account as normal, and then"
Comment #0.1
aakkawi commented: small edit
Comment #0.2
aakkawi commented: added "drupal login fields that still has no fb account assigned to the drupal account,"
Comment #1
mike27 commented: I have the same issue. FB oauth automatically deauthorises the "old" user and authorises the new one. It is not clear why there is no validation based on the user emails. More specifically, when a new user is created, fb_oauth retrieves the user email from Facebook. In the case when someone wants to link his account with his FB profile, fb_oauth should deny authorization if the email addresses are different. Please help on this; it is also a security-related issue when one of the users is admin and the other is normal.
Comment #2
RobertCervenka commented: Reporting same issue. TL;DR:
The issue might arise from the button even showing on the site after login. Then it works like "connect my current Drupal account without FB to my current FB session account". We found it out the other way: had two login screens open: first log in with a normal D7 user, then switch to the other screen and click "Login with FB", and voila: two different accounts (email, names, and so on) are suddenly connected.
Workaround is to disallow auto-connecting accounts, when fboauth_action_connect is called.
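The connect decision this thread is about, as an added example that is not code from the fboauth module or from any commenter: a self-contained PHP model in which the `$links` array stands in for the module's Facebook-ID-to-uid table. The function names, action constants and sample IDs are hypothetical; the point is that an existing link is never moved to whichever Drupal session happens to click the button.

```php
<?php
// Constructed model of the connect decision; not fboauth's own code.
// $links maps Facebook ID => Drupal uid (stand-in for the module's link table).

const ACTION_LOGIN  = 'login';   // anonymous visitor, FB ID already linked
const ACTION_CREATE = 'create';  // anonymous visitor, FB ID unknown
const ACTION_LINK   = 'link';    // logged-in user, FB ID not linked to anyone
const ACTION_NOOP   = 'noop';    // logged-in user, FB ID already linked to them
const ACTION_DENY   = 'deny';    // logged-in user, FB ID linked to another uid

/**
 * Decide what a Facebook connect callback is allowed to do.
 *
 * @param array  $links      Facebook ID => Drupal uid.
 * @param int    $currentUid Uid of the current Drupal session, 0 if anonymous.
 * @param string $fbid       Facebook ID returned by the OAuth exchange.
 */
function connect_decision(array $links, int $currentUid, string $fbid): string {
  $owner = $links[$fbid] ?? 0;
  if ($currentUid === 0) {
    return $owner ? ACTION_LOGIN : ACTION_CREATE;
  }
  if ($owner === 0) {
    return ACTION_LINK;
  }
  // The check the thread reports as missing: an existing link is never
  // reassigned to the account that is currently logged in.
  return $owner === $currentUid ? ACTION_NOOP : ACTION_DENY;
}

/** Apply the decision; the link table changes only on ACTION_LINK. */
function connect(array &$links, int $currentUid, string $fbid): string {
  $action = connect_decision($links, $currentUid, $fbid);
  if ($action === ACTION_LINK) {
    $links[$fbid] = $currentUid;
  }
  return $action;
}

// Constructed scenario from the thread: uid 5 owns the Facebook account,
// then uid 9 logs in with a password and clicks the connect button.
$links = ['fb-1001' => 5];
echo connect($links, 9, 'fb-1001'), "\n";  // uid 9 must not take over the link
echo connect($links, 0, 'fb-1001'), "\n";  // anonymous visitor reaches uid 5
echo $links['fb-1001'], "\n";              // owner of the link afterwards
```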
Comment #3
tennist (as a volunteer) commented: I was experiencing this same issue on my installation. If I associated or created an account with Facebook, then logged out and logged into a non-associated account and clicked connect, this second account became connected and I could no longer get into the first account. The reason for this is that the module does not perform a check to see if there is already an associated Drupal account for the Facebook account in question. I was able to fix this with a few lines of code in the includes/fboauth.fboauth.inc file. The lines of code were added near the end of the function fboauth_action_connect() just after it says:
//The user is already logged into Drupal.
The needed lines of code are as follows: