User Account Mapping

Last updated: March 31, 2020

The user account mapping is the ability of your application to identify a local user (user at your app) by a Meveto ID. There are two possible scenarios where a Meveto ID can be easily mapped to a local user. The first scenario is at the time of user registration and the other one is an already existing user that has never used Meveto before, to login to your app. If your app has integrated Meveto after it already has many users and an existing authentication system (such as password based login). Then, in order to let your existing users be able to use Meveto, you must introduce a new column (attribute) in your database's users entity (table). We prefer to call this attribute meveto_id, and the most important part is to let this field be NULL by default. This way, all your existing users can now have a Meveto identifier mapped to their accounts, when they want to login to your app via Meveto.

From the steps at user login, suppose your application receives an unknown Meveto ID, that's not yet associated with any user of your app, you can give the user 2 choices at this point. Either register a new account if the user does not have an account, or use the old authentication method to specify an existing account, that they wish to map (connect) to their Meveto ID. Your app can easily achieve this feature by simply redirecting users to a page (view), which would allow the user to proceed as per the aforementioned 2 choices. Meanwhile, temporarily store the Meveto ID that's being processed. After the user completes registration or authentication, set their Meveto ID to what your app had received from Meveto. Next time whenever your app receives the Meveto ID again, you will be able to map it to your local user and directly complete the login process.

If your application is a web app, never store Meveto ID in the publicly visible URLs of your pages, browser storages or cookies. It could have serious implications because end users can easily change Meveto ID and therefore it can never be trusted as an input that your app can process.