No internet connection
  1. Home
  2. Ideas

eMail verification needed also after Facebook and Twitter authentication

By Marco Jakobs @marco
    2021-02-10 19:02:30.305Z2021-02-10 19:51:39.198Z

    I'm configuring logins with Facebook, Twitter and Google for my commenting server. After configuring the logins I did a test with all 3 providers.

    All went smooth up to a point where Talkyard told me to verify my email address when I log in with Facebook or Twitter . That should not be necessary once the login was done with OAUTH stuff (also mentioned in the admin setting that verification will not be needed when authenticated by Facebook etc.)

    Only the login with Google went smooth and no email verification was needed.

    Looks like an issue?

    • 4 replies
    1. It works as intended, currently:

      Twitter apparently won't include any email address, if one signs up via Twitter. Therefore, with Twitter, Talkyard always (?) asks for an email address. And even if Twitter did include an email address, I'm not sure if Twitter has actually verified it or not. So Talkyard would want to send a verification email, in any case.

      Facebook: I wasn't sure if Facebook guarantees that the email addresses have been verified by Facebook. So, therefore, I made Talkyard send a verification email, to stay on the safe side.

      Gmail .com addresses have always been verified by Google though, so then Talkyard doesn't need to send any email addr verification email.

      (Sorry for the late reply, I forgot)

      1. MMarco Jakobs @marco
          2021-03-15 18:42:36.161Z

          Hi Kaj,

          is there a way to make the additional verification eMail optional for Twitter/Facebook logins? I want to ease the process of writing comments, and it should be fine if someone logs in with FB or Twitter without bothering people with additional steps ;-)

          1. KajMagnus @KajMagnus2021-03-16 20:30:59.727Z2021-03-16 20:37:38.243Z

            Yes, well not yet, but it could work like so:

            1. People can sign up and post comments via FB and Twitter, no email address needed.
            2. Then, after they've done that, if Ty doesn't have any email address to them, they can optionally type an email address (after they've posted their comment already), so they can get notified of replies.
            3. If needed, Talkyard sends an email address verification email.
            4. If needed, then, some time later, they check their email, and click any verification link. (There'd be no hurry — they can do this, when they check their email anyway, a daily habit maybe.)
            5. If later on they get a reply to their comment, Talkyard can now notify them via email (if needed, Talkyard waits until they've clicked the email verification link, before notifying them of replies).

            If they accidentally type the wrong email address, or if they didn't provide any email address at all, they can login again via FB or Twitter, some time later, and add the correct email address.


            I think I like this signup-&-reply flow, better than the current default flow. I suppose both alternatives are good — how it works now, with email verification required before posting, could be good for a bit larger and more noisy sites. And the "lightweight" flow (no email addr needed), for blog comments and smaller communities?

            There are a bit many other things going on right now (with Talkayrd); it'll take a while before this (or something similar — if you have other ideas?) gets implemented.


            What do you think about the above approach to replying via FB, Twitter, and no additional steps? Can you think of some problems, maybe some tweaks needed? or something completely different?

            (I changed the topic type to Idea, and status Plan-to-do.)

            1. @marco Hmm maybe I have implemented this already. Let me check. There're these admin settings (at /-/admin/settings/login) — and if you un-tick and tick them so they look like this:

              [ ] Require verified email     <—— un-tick this checkbox
              New users must specify an email address, and click an email verification link (unless verified already via e.g. Gmail or Facebook). Recommended, because you'll have a way to contact everyone. And we can send password reset emails.
              [x]  May compose before signup    <—— allow this
              People may start writing posts before they have signed up. When they try to submit their post, they are asked to sign up. Good, because might result in more people signing up — because once they've written something already, they'll want to signup so they can submit it.
              [x] May post before email verified    <—— allow this
              New users may login and post messages, before they have clicked an email verification link. Good, because then people won't need to check their email, during the signup process. Bad, because we won't know for sure if people's email addresses work. Also means there can be many user accounts with the same email address.

              Then I'm thinking that Talkyard will then behave, in the way you want? Hmm. But maybe this won't work, together with Twitter and Facebook, I don't remember — will need to have a look at this, and add documentation.

        • Progress
          with doing this idea
        • @KajMagnus marked this topic as Planned 2021-03-16 20:37:03.104Z.