Joomla Facebook Connect support forum

Re-authentication

11 years 7 months ago #26818 by fb_100000532508192
Is it possible to add re-authentication (so the user has to enter their Facebook password again)? Also, will this be native in the next release? A code example is below:

developers.facebook.com/docs/authentication/reauthentication/

Thanks
The topic has been locked.
Support Specialist
11 years 7 months ago #26834 by alzander
We're aware of the re-authentication feature, but it's not something we have any plans of implementing. The problem is that once a user has authenticated on your site using Facebook, they have a real Joomla account. If there is something malicious going on, the user can simply change the Joomla user email and password and login to that account directly. Re-authenticating on Facebook wouldn't really have any effect since the user would still be logged into the underlying Joomla account.

In other words, what should happen if the re-authentication fails? If the user is on a checkout page in a shopping cart and logged into Joomla via Facebook, but can't re-authenticate, do we:
* Log the user out of Joomla (if so, they can just log back in using Joomla and not their FB account)
* Block the account (this could be problematic if it's a genuine mistake)
* ???

Feel free to throw suggestions out, but it's something we've never had requested and, as above, can't really see a good use for or way to implement.

Thanks,
Alex
11 years 7 months ago #26870 by fb_100000532508192
Hi Alex,

I see your point. I was thinking along the lines of transactions whereby a user would need to enter a password when completing transactions. Maybe using JavaScript? How do you think it could work using JFBConnect?

Thanks
Support Specialist
11 years 7 months ago #26874 by alzander
I'm not sure how it could be made to work with JFBConnect in a way that makes sense. Like I mentioned, since the user has a Joomla account as well as their Facebook login ability, if they can't re-authenticate through Facebook, what should the course of action be, since they could just log back in with their Joomla account?

I think re-authentication works when you have a site that *only* allows Facebook users to login or register. Joomla just isn't that type of system, and the underpinnings of Joomla itself don't have any idea of a 'possibly non trusted user'. That means that any extensions that would use that functionality would need it specifically coded for that app and it wouldn't be a normal extension of Joomla.

So, I don't really see a way to make this work in a realistic fashion that actually performs some usefulness as I don't know what the degradation state (if they fail authentication) would be, or how that state would help protect anything. If you have ideas or suggestions, I'm all for listening!

Thanks,
Alex