I assume I can’t use user.create\user.login api because I won’t ask user to provide password, I want to use facebook userId and access token only
Basic flow:
In mobile app I’ll use facebook plugin to login.
After user logged in on device I push access_token and FB user Id to my custom API
From server side I can now check if this access_token is valid and match user id (via graph.facebook.com/…)
After validation I will check if username “facebook_{userid}” exists in mysql, create it if not exist
Use mysql to store additional user data
So should I manually create new records for coronium database, cc_users table? Because with it I can view users statistic in webmin. But downside is that I should fill password (and probably some other columns) with trash data - because I’m not using them, but they are required.
Another way is to create new table for my users in coronium db. Then I’ll have full control on it, but lose webmin visualization. And I wonder: can future updates affect tables created in coronium database?
Thanks for reading this wall of text
Any thoughts?
I get id from user external service and use it to automatically create a user account, using the user module in coronium core.
You can also make your own user table, with the obvious limitations you’ve mentioned, the choice is yours.
You are clearly interested in coronium core so I suggest you dive in and test drive it to find out what can be done and not
These days you even have a free trial period
Theory will only get you so far and I suspect people on the forum are more inclined to help with actual code problems than theoretical cases like this one where you can find the answer yourself by firing up coronium core and try it out.
I already have coronium server installed, I just experimenting with modules for now.
I get id from user external service and use it to automatically create a user account, using the user module in coronium core.
So my actual code problem is that password is required. Do you set up some default password to create user from user module?
Edit : I also figured out that core.users object is available on api side. But the problem is that this method is asynchronous: it require listener. And api method should return response in synchronous way: I don’t have possibility to “wait” until listener fired
Yeah I generate the user password on user creation together with a user hash id which is stored with user data.
I know there is no wait functionailty in lua but how come you cant wait for the reply before “moving on” ? Everything in corona in regards to network calls are async so this is one you need to code according to.
It is possible to create you own “wait” logic using booleans but i find it more hassle than calling functions from async callbacks.
I mean I can’t wait on server side (in coronium api)
So code I want:
function api.upsertUser(params) --validate params code --check if user exist if (userNotExist) then core.users.create({username = params.username, password="some default password"}, myListener) else core.users.login({...}, myListener) end --I should return value from api function, return from listener will not work return {} end
What columns do you need for Facebook login (its been a while since i’ve used it)? Perhaps having support for Facebook login in the users system would be a good idea,
There is a server-side users module, but it requires a different approach, and if not handled properly could mess up the users system, so I never documented it for safety. That may be a good way to add custom users though. I could add documentation if you’re interested in trying that approach. You would then need to write your own custom server-side login logic.
The “coronium” database is not safe from updates, as new features or adjustments might be made in the future, so its best not to change it.
For now I trying to build flexible OAuth system (at least for Facebook and Google).
I use Facebook user Id for now
function api.createOrUpdateUser(params) if (params == nil) then return core.error("provide parameters!") end if (type(params.loginSystem) ~= "string" or not checkLoginSystem(params.loginSystem)) then return core.error("loginSystem missed or unknown") end if (params.userId == nil) then return core.error("User id is required") end local userId = core.mysql.escape(params.userId) local lSystem = core.mysql.escape(params.loginSystem) local record, err = core.mysql.selectOne(DB\_NAME, { tbl = USERS\_TABLE, where = "externalId = " .. userId .. " and loginSystem = " .. lSystem, columns = { "id" } }) if (err) then return toGeneralError(err) end local isUserExist = record ~= nil print("user exist?",isUserExist) if (not isUserExist) then core.mysql.insert(DB\_NAME, { tbl = USERS\_TABLE, values = { username = userId, loginSystem = lSystem, data = core.json.encode({ counter = 1 }) } }) end ...
So, you would be creating a new user, with username and email for instance (no password), and then associate the client_id from the external provider to that user.
On login, you want to use the client_id from the external provider to access/login the user.
I use Facebook plugin, so user just click “login using facebook” button. Then I just store some data, which associated with facebook account (so when user will login on another device he will get his data back).
Validating token on api side just guarantied that request from client coming from authorized user
Do you get any type of permanent Facebook client ID, or is it only the access token?
If you get a permanent id, then we can associate that with a Coronium user record, so you would know that the client is valid.
I could then add another method of logging in the user using email and Facebook ID which you should be able to get back from the FB login.
If your app’s own custom login system uses an email address to uniquely identify each account, you should also ask for the person’s email address (using the email permission) during the Facebook Login flow. Read our guide to requesting permissions to find out how to do this.
Do you get any type of permanent Facebook client ID, or is it only the access token?
I registered an app on https://developers.facebook.com.
Then I used Facebook plugin to login on androide and get userId.
Then I use facebook.getAccessToken() and pass token+id to api
Then on api side I validate id+token pair (to be as secure as possible)
local urlFormat = "https://graph.facebook.com/debug\_token?input\_token=%s&access\_token=%s|%s" local url = string.format(urlFormat, params.token, FACEBOOK\_APP\_ID, FACEBOOK\_APP\_SECRET) local resp, err = core.network.getJson(url)
It works for now
I could then add another method of logging in the user using email and Facebook ID
Yes, I can request email permission.
But guide you linked says that if user registered on facebook using phone number email could be empty.
Ok, well as long as there is some type of immutable id from Facebook, then I think I can make this work. I’ll be exposing a couple new user module methods on the server-side.
I’ll be using the following fields in an “Oauth” table to associate to the Coronium user:
user_id (for relationship)
client_id (from FB or Google)
access_token (for whatever)
provider (FB or Google)
Are there any other fields that you think you would need?
I’ll start working on it now. And then I’ll send you preview build link for server download to test.
Yes, it will be on the server-side. Basically it provides another way to generate a user record, as well as, a “login” that will allow you to still have the Webmin stats.
