Kebin Maharjan - 422 - Aug 1, 2014

Hi there,
I’m trying to figure out how to customize FacebookAuthProvider or get into the right direction for the situation posted at StackOverflow: http://stackoverflow.com/questions/25071536/

I didn’t want to re-post the question here, so just the link, if that’s alright.

Any ideas would be awesome 🙂

Hi, as the linked answer says, you can’t automatically merge with someone else’s user account when just knowing their email address. The UserAuth automatically merges if they sign into their Facebook account when they’re already signed in.

Kebin Maharjan:

Hmm, I think we are a bit confused here. I’m not looking to automatically merge when the user is not signed in.
Here’s a detailed example:

Scenario one:
- I create an account using abc@example.com & password.
- I sign in.
- I sign in using Facebook with abc@example.com
Here the UserAuth is automatically merged, which is perfect! 

Scenario two:
- I create an account using abc@example.com & password.
- I sign in.
- I sign out.
- I sign in using Facebook with abc@example.com
Here I’d like to throw an error - The account with abc@example.com already exists! Please sign in with abc@example.com

Currently for scenario #2, a new UserAuth is created.

So somehow, when a user tries to sign in with Facebook and is not currently logged in with other accounts, I need to check if the email address already exists in the db.

Ahh apologies, misread your question. Ok yeah that makes sense. Looks like you’ll have to override the OnAuthenticated method and either throw or return a custom HttpError response if the email exists, otherwise call base.OnAuthenticated().

I can look at making this easier by adding a custom hook that gets called before OnAuthenticated so you don’t have to subclass FBAuthProvider.

Kebin Maharjan:

No worries. It is kinda confusing 🙂 And thanks a lot for getting back on this quickly!

A hook would be awesome. Would not prefer to override a provider! And this would be the same for any other external providers…
Also does it make sense to have this by default or some sort of configuration? Seems like a pretty common use case?

Yeah, agreed. I’ll look at doing both and get back to you here.

Hi, this should now both be done in this commit: https://github.com/ServiceStack/ServiceStack/commit/095da0cbb199867118671e18a913af03782a156b
i.e. it now validates that emails returned in OAuth providers are unique by default and there’s a new CustomValidationFilter delegate that can be used to verify custom logic.
This change is now available on MyGet: https://github.com/ServiceStack/ServiceStack/wiki/MyGet
I’ve also added an answer to your StackOverflow question with more details.
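
The sign-in decision worked out in this thread, as an added example that is not part of the original posts and is not ServiceStack code or the code from the linked commit. `Outcome`, `Account` and `AccountStore` are hypothetical names for an in-memory model; it assumes emails compare case-insensitively and that a provider identity is keyed by provider name plus provider user id.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
// Hypothetical in-memory model of the check; these are not ServiceStack types.
enum Outcome { SignedIn, Merged, Created, RejectedEmailExists }

// Links holds "provider:providerUserId" entries attached to this account.
class Account { public string Email; public HashSet<string> Links = new HashSet<string>(); }

class AccountStore
{
    readonly List<Account> accounts = new List<Account>();
    public Account Register(string email)
    {
        var account = new Account { Email = (email ?? "").Trim() };
        accounts.Add(account);
        return account;
    }
    // current is the account of the active session, or null when signed out.
    public Outcome OAuthSignIn(Account current, string provider, string providerUserId, string email)
    {
        var link = provider + ":" + providerUserId;
        if (accounts.Any(a => a.Links.Contains(link)))
            return Outcome.SignedIn;              // identity already linked: normal login
        if (current != null)
        {
            current.Links.Add(link);              // scenario one: the session proves ownership
            return Outcome.Merged;
        }
        var normalized = (email ?? "").Trim();
        if (normalized.Length > 0 && accounts.Any(a =>
                string.Equals(a.Email, normalized, StringComparison.OrdinalIgnoreCase)))
            return Outcome.RejectedEmailExists;   // scenario two: refuse, create nothing
        Register(normalized).Links.Add(link);     // unknown email: new account
        return Outcome.Created;
    }
}

static class Demo
{
    static void Main()
    {
        var store = new AccountStore();
        var abc = store.Register("abc@example.com");   // constructed sample data
        // Signed out, same email in different case: rejected instead of duplicated.
        Console.WriteLine(store.OAuthSignIn(null, "facebook", "fb-2", "ABC@example.com"));
        // Signed in: the Facebook identity is merged into the existing account.
        Console.WriteLine(store.OAuthSignIn(abc, "facebook", "fb-1", "abc@example.com"));
        // Signed out again: the identity linked above now logs straight in.
        Console.WriteLine(store.OAuthSignIn(null, "facebook", "fb-1", "abc@example.com"));
    }
}
```

The linked-identity check comes first so that a user who merged while signed in can later log in with Facebook without hitting the duplicate-email rejection.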