Login with External Provider
Page Purpose: Authenticate using OAuth/external providers.
User Context: User wants to log in or register using an external account.
Next Steps: After OAuth → User Dashboard or profile completion
Available Login Providers
Note: More providers (Google, Microsoft, etc.) can be added in the future.
Or Use Email & Password
Facebook OAuth Flow
User clicks "Continue with Facebook"
Redirected to Facebook login page
User authorizes Remarx app
Facebook redirects back with authorization code
System exchanges code for access token
System retrieves user info from Facebook
Check if external login is already linked to account
If linked: Complete login
If new: Create account or link to existing
New User Association
For first-time Facebook login:
Option 1 - New Account:
Create new Remarx account using Facebook info
Email from Facebook becomes username
No password required (external auth only)
Prompt to complete profile
Option 2 - Link to Existing:
If Facebook email matches existing account
Prompt user to confirm linking
Link Facebook account to existing user
User can log in with either method in future
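The linked / new / link-to-existing decision described above, modelled as an added example that is not part of the Remarx wireframe or its code base. It uses in-memory stand-ins for AspNetUsers and AspNetUserLogins; the function names, the case-insensitive email match and treating a missing Facebook email as an error are assumptions.

```python
from dataclasses import dataclass, field
from enum import Enum

class Outcome(Enum):
    LOGIN = "login"                # external login already linked: complete login
    CONFIRM_LINK = "confirm_link"  # email matches an account: prompt before linking
    CREATE = "create"              # no match: new account from Facebook info
    ERROR = "error"                # provider data unusable

@dataclass
class Store:
    # Constructed in-memory stand-ins for the two tables in the Data Model.
    users: dict = field(default_factory=dict)   # UserId -> AspNetUsers row
    logins: dict = field(default_factory=dict)  # (LoginProvider, ProviderKey) -> UserId

    def by_email(self, email):
        wanted = email.strip().lower()
        return next((uid for uid, u in self.users.items()
                     if u["Email"].lower() == wanted), None)

def resolve(store, provider, key, email):
    """Decide what the callback does once user info has been retrieved."""
    if not key:
        return Outcome.ERROR, None
    uid = store.logins.get((provider, key))  # match on the provider's user ID first
    if uid is not None:
        return Outcome.LOGIN, uid
    if not email:                            # assumption: no email means no username
        return Outcome.ERROR, None
    uid = store.by_email(email)
    if uid is not None:
        return Outcome.CONFIRM_LINK, uid     # nothing is written at this point
    return Outcome.CREATE, None

def link(store, provider, key, uid, user_confirmed):
    """Write the AspNetUserLogins row only after the user confirmed linking."""
    if not user_confirmed or uid not in store.users:
        return False
    if store.logins.get((provider, key), uid) != uid:
        return False                         # identity already linked to another user
    store.logins[(provider, key)] = uid
    return True

def create(store, provider, key, email):
    """Option 1: new account, external auth only, plus its login row."""
    uid = len(store.users) + 1
    store.users[uid] = {"Email": email, "EmailConfirmed": True, "PasswordHash": None}
    store.logins[(provider, key)] = uid
    return uid
```

An email match alone never produces a login here: `resolve` only reports `CONFIRM_LINK`, and the row in `logins` appears after `link` is called with `user_confirmed=True`.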
Profile Completion Form
Data Model
AspNetUsers Table:
Email (from Facebook)
EmailConfirmed (true - verified by Facebook)
PasswordHash (null - not needed for external auth)
AspNetUserLogins Table:
LoginProvider ("Facebook")
ProviderKey (Facebook User ID)
UserId (FK to AspNetUsers)
ProviderDisplayName ("Facebook")
Retrieved from Facebook:
Email
First Name
Last Name
Profile Picture URL
Facebook User ID
Security Considerations
State Parameter: CSRF protection during OAuth flow
Secure Redirect: Validate return URLs
Token Validation: Verify tokens from Facebook
Scope Permissions: Request only necessary permissions (email, public_profile)
Account Linking: Require confirmation before linking accounts
Email Verification: Trust Facebook's verification
User Management
Users can manage external logins in:
Features:
View linked external accounts
Remove external login associations
Add additional external logins
Set local password (if only using external login)
Configuration Requirements
Facebook App Configuration:
Facebook App ID
Facebook App Secret
Valid OAuth redirect URIs
App review for production use
Application Configuration:
OAuth middleware setup
Callback URL handling
Secure storage of app secrets
Error Handling
Common errors:
"Failed to retrieve information from Facebook" - Retry or use email login
"Email already associated with another account" - Log in with existing method or contact support
"Authorization denied" - User cancelled Facebook authorization
"Invalid state parameter" - Security validation failed, try again