I would like to allow visitors to my website to log in using Facebook as opposed to requiring them to register – which is accomplished easily enough with the information here:
https://developers.facebook.com/docs/guides/web/
However, I would also like to keep the option of registration open. In other words, when a user first visits, he has the option of either registering with me, OR simply logging in using facebook. A profile on my site is then created for them, and everything is wonderful.
My thoughts are, for facebookers, to use their facebook username. However, this might cause issues when someone whose facebook username is “foo” visits for the first time and logs in using facebook, if somebody else has already registered with the username “foo”.
Has anybody else run into this issue? What’s the best way to mitigate it? Should I just use facebook registration instead?
I randomly generate a username (UUID, actually) when they login using alternate auth (Facebook, Twitter or OpenID). You can then allow them to choose a username at a later point from a profile page.
If you want, you can flag auto-generated usernames, so they won’t display, which would be confusing.
I also use the same process, but reversed, to allow logged in users to match up an external account when already logged in.