Social Email Sync, Anonymous username generation and password change

Hi all,

I’ve got 3 discussion topics but didn’t want to flood the forum so have combined them into one:

  1. Syncing up emails when social sign in is used
    If members that are using social integration sign up (Facebook) change their email address on the provider side (e.g. I change my Facebook email from foo@mycompany.com to bar@mycompany.com) does that get replicated into WP DB? If not would is be suitable to hook into auth0_user_login and check emails match on sign in and if not matching update the user record in WP?

  2. Is it possible to hook into the username generation?
    A number of our users have expressed a need for anonymity, we want to provide that so would like to generate random usernames. Is this possible?

  3. Password/Email Update syncing
    We use a theme that allows our users to update their email address and password. I have a couple of questions around this:
    a) Assuming this person signed up with email and password. Are there already hooks to update email/password in Auth0 when they are updated in WP or is that something we need to do? If so what’s the recommended pattern?
    b) If the person has a social integration sign up I assume we cannot have them changing their password or email address as that is defined by the social provider? If so I assume we use the identities → isSocial flag to determine whether we should display those email/password change fields or not?

Thanks,

Sara

Hi @sara,

Welcome to the Auth0 Community Forum!

Thanks for the thorough post. Feel free to make multiple short topics in the future, it will usually help them get answered as they are less consuming.

I will have to look into it more, but essentially you are asking if a user changes their social email, will the account still be linked? I think it should, social profiles are updated every time the user authenticates with that respective idp.

I think we need more clarification on this. If a user is creating their own username, can’t they make it whatever they want and be anonymous that way?

Password change can be done via the widget, or the management API. With the latter, you will need to set up a GUI for the user. And username change can be done the same way.

This would be correct. You could also check the connection type.

Hope this helps!

Thanks,
Dan

Hi Dan,

Thanks for getting back to me. My responses below:

I will have to look into it more, but essentially you are asking if a user changes their social email, will the account still be linked? I think it should, social profiles are updated every time the user authenticates with that respective idp.

I am asking that is a user changes their Facebook email with that be reflected in the WordPress profile. Will the email on the WordPress profile be updated. If so when does that happen?

I think we need more clarification on this. If a user is creating their own username, can’t they make it whatever they want and be anonymous that way?

The user is not creating their own username. They are asked to either enter their email address and password on sign up or connect using Facebook or Gmail. The WordPress plugin then auto generates a user name for the WordPress user profile associated with the Auth0 profile. I believe the code if found in the WP_Auth0_Users class with the create_user method. When that happens usernames are based firstly on “username” which isn’t there and then on “nickname” which is not set by the user but by Auth0 or the social provider.

Password change can be done via the widget, or the management API. With the latter, you will need to set up a GUI for the user. And username change can be done the same way.

I didn’t realise there was a widget, apologies I’ll take a look!

Thanks,

Sara

Hi @dan.woda are you able to come back to me on this?

Hi @sara,

I am asking that is a user changes their Facebook email with that be reflected in the WordPress profile. Will the email on the WordPress profile be updated. If so when does that happen?

This is a tough question to answer, honestly. When logging in with Facebook, the user has 3 sessions: Facebook, Auth0, and WordPress. When the WordPress session ends, they’ll reach out to Auth0. When the Auth0 session ends, they’ll reach out to Facebook. The email address in Auth0 is updated when the session with Facebook is refreshed and the one on WordPress happens when the Auth0 one is. Depending on how active the user is, this update might never happen because the sessions will remain active.

Is it possible to hook into the username generation?

Does this anonymity need to happen in Auth0 or in WordPress? If the former, a Hook or Rule would be the way to go, then that username could be used across all applications tied to your tenant. If that only needs to happen in WordPress, you can hook into the user creation process with the auth0_create_user_data filter:

https://github.com/auth0/wp-auth0/blob/master/lib/WP_Auth0_Users.php#L87

Password/Email Update syncing

This is possible using the user profile in wp-admin. If your theme uses the core hooks/filters during the process, then that should work but we can’t guarantee functionality with all themes and plugins. Change password hooks we use are here:

https://github.com/auth0/wp-auth0/blob/master/lib/profile/WP_Auth0_Profile_Change_Password.php#L38-L48

… change email is here:

https://github.com/auth0/wp-auth0/blob/master/lib/profile/WP_Auth0_Profile_Change_Email.php#L43-L47

Hope that helps!

1 Like

Thanks for the reminder @sara, this got a bit buried. Luckily we have some great input from @josh.cunningham! :pray:

Let us know if you have further questions.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.