When a user links their Twitter account with their FCC account, we find any existing userIdentity records associated with that Twitter account and delete them before proceeding. We should do the same with LinkedIn.
edit(@berkeleytrue):
User stories:
As a user I can:
Add my Twitter handle on the settings page
Add my LinkedIn handle on the settings page
This should modify the user object in the appropriate areas (these already exist).
This should not modify auth system.
What do you mean by this?
@BerkeleyTrue the goal is to prevent "this account is already associated with another user" type errors. We should assume that the current account the user is using is in fact the account they intend to keep using. This is a graceful way to do this.
I'm worried about destroying user info and orphaning accounts.
Why not instead auto sign them out and take them to the GitHub sign-in page?
@BerkeleyTrue this is just for Twitter and LinkedIn - not for GitHub.
We will handle GitHub collisions differently (https://github.com/FreeCodeCamp/FreeCodeCamp/issues/10802)
It's possible that this could orphan some accounts. Signing people out isn't an elegant solution, though. What other ideas do you have?
Yes, deleting UserIdentities could orphan accounts. Will have to come up with a real use case to prove this, but why don't we simply let users enter their LinkedIn and Twitter public URLs as a form entry, so that they can be shown in their profiles?
We do not need auths for these right? Most websites who do not use Twitter or LinkedIn to log in just let users specify the URLs to their profiles.
Also, I don't think there is any point where we should allow a non-owner to delete records.
@raisedadead yes - we used to just let people manually add these to their account with a string. We could go back to doing this.
1) run a migration that converts their Twitter/LinkedIn information into a URL to their profile
2) allow them to modify that string or delete it entirely
I do think we should check that their URL includes twitter.com and LinkedIn.com/in/ since they could potentially put anything here.
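The URL check proposed in the comment above, as an added example that is not part of the original thread or freeCodeCamp's code. It contrasts a substring test with parsing the URL and matching the exact host and path; the function names, accepted hosts and handle patterns are assumptions, and the sample inputs in the test are constructed.

```javascript
// Added example. Names, host lists and handle patterns are assumptions.
const RULES = new Map([
  ['twitter', {
    hosts: new Set(['twitter.com', 'www.twitter.com']),
    path: /^\/([A-Za-z0-9_]{1,15})\/?$/,
    canonical: (m) => `https://twitter.com/${m[1]}`
  }],
  ['linkedin', {
    hosts: new Set(['linkedin.com', 'www.linkedin.com']),
    path: /^\/in\/([A-Za-z0-9_%-]{1,100})\/?$/,
    canonical: (m) => `https://www.linkedin.com/in/${m[1]}`
  }]
]);

// Substring check: accepts any string that merely mentions the domain.
function naiveIncludesCheck(input) {
  return input.includes('twitter.com') || input.includes('linkedin.com/in/');
}

// Parse first, then compare scheme, host and path exactly.
// Returns a canonical profile URL to store, or null if the input is rejected.
function normalizeProfileUrl(kind, input) {
  const rule = RULES.get(kind);
  if (!rule || typeof input !== 'string' || input.length > 200) return null;
  let url;
  try {
    url = new URL(input.trim());
  } catch (err) {
    return null; // not an absolute URL
  }
  if (url.protocol !== 'https:') return null;          // no javascript:, data:, http:
  if (url.username || url.password || url.port) return null; // no user@host tricks
  if (!rule.hosts.has(url.hostname)) return null;      // exact host, not a suffix or substring
  const m = rule.path.exec(url.pathname);
  // Rebuild from the matched handle so query strings and fragments are dropped.
  return m ? rule.canonical(m) : null;
}
```

Storing the rebuilt canonical URL rather than the raw input means the profile page only ever renders a link the server constructed itself.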
Is there any issue with people adding accounts they might not be the owner of?
I don't think that will be a huge issue, for instance, if someone does add a URL to someone else's account, they can be reported via standard reporting channels, considering we have a flagging mechanism already in place.
IMHO, that's a huge cost saving compared to managing auths.
That said we need not delete any records via user interaction.
@BerkeleyTrue that was one of the reasons I decided to get these through an authentication action - that and to reduce errors.
I don't want to implement some sort of flagging system here.
The current system - with the ability to unlink Twitter and LinkedIn handles - is extra work for the user, but it does work reliably.
User stories:
As a user I can:
This should modify the user object in the appropriate areas (these already exist).
This should not modify auth system.
The profile flagging is already in place by the community, I am not sure if adding an auth does anything advantageous.
A human check is basically a very reliable mechanism.
For instance, if I am a recruiter and I happen to visit the LinkedIn page from the Free Code Camp profile, I am smart enough to know if the profile is actually the camper's or someone else's.
Not sure how auth is going to help solve that problem.
I am open to ideas though.
@raisedadead ah, I wasn't aware that we already had a flagging mechanism in place (on staging?)
So there will be a single button that people can click that says "flag this account?" If we have that in place, I agree that we could just let them input their own profile links.
@QuincyLarson He is just referring to self reporting. There is no hard coded system.
So there will be a single button that people can click that says "flag this account?" If we have that in place, I agree that we could just let them input their own profile links.
Interesting. Should be nice to implement, and give access to mods only to view a report of such profiles? Doesn't relate to this specific issue, I could open a new one if we are looking forward to something like that?
@raisedadead yes - this is the simplest user experience. It should only show up if the camper is logged in, and we should have a record of who reported it, in case we get people "crying wolf."
The best way would be to send an email to [email protected] so I can take a look at it myself. If these start piling up, we can design a system through which they're reviewed by someone else.
For now this wouldn't need to actually hit the database imho.
Looks like this was closed in error; this still needs to be implemented, as old auth mechanisms will have to go away completely.