Is there a problem with OAuth2 if two providers authenticate the same ident? #84
Say I have an ident on Google with email@example.com, then I sign up to another OAuth2 provider with that as my username (if allowed). Then I could authenticate with either provider. This would be a problem; i.e. idents need to be unique across *every single OAuth2 implementor*.
I guess this is why you should only allow people to authenticate with a small number of providers, or alternatively identify users in your database by their identifier and the provider, not just the ID.
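
The second mitigation named above, keying users on provider plus identifier, as an added example that is not part of the original issue or the project's code. The table layout, the function names and the `other-provider` value are assumptions made for illustration.

```python
import sqlite3


def open_store():
    """In-memory user store; the schema is a hypothetical illustration."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, display_name TEXT);
        CREATE TABLE identities (
            provider TEXT NOT NULL,   -- which OAuth2 provider vouched
            subject  TEXT NOT NULL,   -- identifier as that provider reports it
            user_id  INTEGER NOT NULL REFERENCES users(id),
            PRIMARY KEY (provider, subject)
        );
    """)
    return db


def login(db, provider, subject, display_name):
    """Return the local user id for (provider, subject), creating it on first sight.

    The identifier is only meaningful inside the provider's namespace, so the
    lookup never matches on the identifier alone.
    """
    row = db.execute(
        "SELECT user_id FROM identities WHERE provider = ? AND subject = ?",
        (provider, subject),
    ).fetchone()
    if row:
        return row[0]
    cur = db.execute("INSERT INTO users (display_name) VALUES (?)", (display_name,))
    db.execute(
        "INSERT INTO identities (provider, subject, user_id) VALUES (?, ?, ?)",
        (provider, subject, cur.lastrowid),
    )
    return cur.lastrowid


def login_by_identifier_only(accounts, subject):
    """Weak variant for contrast: a dict keyed on the identifier alone, so the
    same string from any provider resolves to the same local account."""
    return accounts.setdefault(subject, len(accounts) + 1)


if __name__ == "__main__":
    db = open_store()
    # Constructed sample logins: same identifier string, two different providers.
    print(login(db, "google", "email@example.com", "first"))
    print(login(db, "other-provider", "email@example.com", "second"))
```
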