account.get() does not check if Appwrite account is still linked with Google auth.
- 0
- Self Hosted
- Web


unlink google account

button goes to the unlink google account page

and yk the user can unlink

this page

isn't that a bit problematic because on my side, the only form of auth is google 🤔

For good user experience, you can delete the session afterwards automatically, and they wont be able to sign-in again. Keep in mind this leaves a "zombie" account which cannot be accessed, but isn't deleted; you still store their data.
My recommendation here would be ability to delete, or block the account instead.

In my opinion, unlink makes more sense where there are multiple providers, and you want to unlink a specific one (often to link to same provider but with another account)

by delete the session afterwards automatically, how would i be able to do that?

like a) on button press, session is deleted b) or when detect unlinked, session is deleted

?

also the zombie account is fine

OAuth providers usually allow a redirectURL - they redirect user there after changing configurations to OAuth permissions.
So that would be B).
But honestly, A) doesnt sound too bad - if they decide not to delete and come back, they can simply sign-in again. And it's simpler to implement than B)

say we go for B,

how would that work?

because the only solution that I could find was to use user = account.get()
and see what's inside user.prefs

but theres nothing in there

oh the other way was to get the oauth google token and check that with google's own API but idk how to get the token

You can do account.getSession('current')
, and it sohuld have both refresh token, and access tokens (tokens used to do calls to Google APIs on behalf of the user)

oh whaaatt ok

so im assuming its just like

try {
account.getSession('current');
} catch (e) {
console.log("Unable to log in user", e);
handleLogout(); // or whatever
}

or would account.getSession('current')
return something

That would check for Appwrite user, same as account.get()
. You need something like (pseudo code)
session = accoutn.getSession(current)
token = session.accessToken
response = fetch(api.google.com/v1/users, {
headers: { authroization: token }
})
if(response.ok is false) {
handleLogout();
}

ok lemme take a look
Recommended threads
- Safe Approach to Bucket
Hello, This is my utility function for obtaining the users' avatar url. Is this a safe approach to the problem? I am also unsure about ending the url with `&mod...
- REST API error : Request Entity Too Larg...
When trying to upload file to bucket (file size is 12mo), I got this error: Request Entity Too Large I'm using REST API because I'm calling appwrite from n8n w...
- Oauth integration not working after appw...
Hey all, I hope this is the correct category. As the title states, we recently upgraded both our staging and production appwrite to 1.6.1. We had GitHub oauth ...
