Lite registration pushes data about a user without that user actually having an account. This allows for the following use cases, where the user provides his personal information without creating an account:
- subscription to a mailing-list;
- taking part in a prize competition;
- any other online situation where a user gives personal information without creating an account;
- in-store registration.
Lite registration consists of a single, public endpoint. The endpoint is used to push information about the user, which will trigger either the creation or the update of the user profile.
A user profile submitted through lite registration (henceforth called “lite profile”) is identified by either an e-mail address or a phone number. It will be unified with any existing account based on that identifier. The unification can occur either at submission of the lite profile, if the account already exists, or later on when the user creates his account or adds this e-mail address or phone number to his account.
Data from the lite profile has lower priority than data from any other source (social login, local profile, etc.).
The lite registration endpoint being public has a few important implications for security.
To prevent any fraudulent association between an e-mail address and a phone number, it is not possible to push both on the same lite profile. If both pieces of information are needed, you must choose one of them to be the identifier, and handle it normally. The other one can be defined as a custom field, and no unification will occur based on this field.
When unifying the lite profile with an account, data from the lite profile will not be displayed as long as the identifier used on the lite profile has not been verified (through a confirmation e-mail or SMS). This is necessary to prevent attackers from stealing the personal information in the lite profile by creating an account with the same identifier.
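The following Python model is an added illustration of the two rules above, not the product's implementation or API: a submission may carry only one identifier, and lite data stays hidden until the account has verified that identifier. The field names (`email`, `phone_number`, `custom_phone`) and all sample values are assumptions made for the example.

```python
from dataclasses import dataclass, field

class LiteProfileError(ValueError):
    """Raised when a submission breaks the single-identifier rule."""

@dataclass
class LiteProfile:
    identifier_type: str  # "email" or "phone_number" (assumed field names)
    identifier: str
    data: dict            # remaining fields, custom fields included

@dataclass
class Account:
    identifiers: dict     # identifier value -> True once verified
    data: dict = field(default_factory=dict)

def accept_submission(payload: dict) -> LiteProfile:
    """Validate a submission received on the public endpoint."""
    has_email = "email" in payload
    has_phone = "phone_number" in payload
    # Exactly one identifier: accepting both would let an anonymous caller
    # bind someone's e-mail address to a phone number they control.
    if has_email == has_phone:
        raise LiteProfileError("provide exactly one of email or phone_number")
    id_type = "email" if has_email else "phone_number"
    # Everything else, such as a phone stored as a custom field, is plain
    # data and is never used for unification.
    data = {k: v for k, v in payload.items() if k != id_type}
    return LiteProfile(id_type, payload[id_type], data)

def visible_profile(account: Account, lite: LiteProfile) -> dict:
    """Return what the account holder sees after unification."""
    if not account.identifiers.get(lite.identifier, False):
        # Identifier claimed but not confirmed by e-mail or SMS:
        # the lite data is withheld.
        return dict(account.data)
    # Lite data has the lowest priority, so account data overrides it.
    return {**lite.data, **account.data}

if __name__ == "__main__":
    # Constructed sample data.
    lite = accept_submission({"email": "alice@example.com",
                              "given_name": "Alice",
                              "custom_phone": "+33600000000"})
    squatter = Account({"alice@example.com": False}, {"given_name": "Mallory"})
    owner = Account({"alice@example.com": True}, {"given_name": "Al"})
    print(visible_profile(squatter, lite))  # lite data not exposed
    print(visible_profile(owner, lite))     # merged, account data wins
```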