is there a problem with OAuth2 if two providers authenticate the same ident? #84

Open
silky opened this Issue Oct 14, 2015 · 0 comments

silky commented Oct 14, 2015

say i have an ident on google with foo@gmail.com, then i sign up to another oauth2 provider with that as my username (if allowed). then i could authenticate with either provider. this would be a problem; i.e. idents need to be unique across *every single oauth2 implementor*.

i guess this is why you should only allow people to authenticate with a small number of providers, or alternatively identify users in your database by their identifier and the provider, not just the id.
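
The collision described in the comment above and the second remedy it names (keying users by provider and identifier), combined with a provider allowlist, as an added example that is not part of the original issue or the project's code. The class names, the `other-provider` label and the sample logins are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from itertools import count


@dataclass(frozen=True)
class Assertion:
    """What the app learns after an OAuth2 login (hypothetical shape)."""
    provider: str    # which provider vouched for the user
    identifier: str  # the ident that provider reports, e.g. an email


@dataclass
class IdentOnlyStore:
    """Weak: accounts are keyed by the identifier alone."""
    accounts: dict = field(default_factory=dict)
    _ids: count = field(default_factory=lambda: count(1))

    def login(self, a: Assertion) -> int:
        if a.identifier not in self.accounts:
            self.accounts[a.identifier] = next(self._ids)
        return self.accounts[a.identifier]


@dataclass
class ProviderScopedStore:
    """Corrected: keyed by (provider, identifier), with a provider allowlist."""
    allowed: frozenset
    accounts: dict = field(default_factory=dict)
    _ids: count = field(default_factory=lambda: count(1))

    def login(self, a: Assertion) -> int:
        if a.provider not in self.allowed:
            raise PermissionError(f"provider not allowed: {a.provider}")
        key = (a.provider, a.identifier)
        if key not in self.accounts:
            self.accounts[key] = next(self._ids)
        return self.accounts[key]


# Constructed sample logins: the same ident reported by two different providers.
GOOGLE = Assertion("google", "foo@gmail.com")
OTHER = Assertion("other-provider", "foo@gmail.com")


def demo():
    """Return account ids: (weak google, weak other, scoped google, scoped other, scoped google again)."""
    weak = IdentOnlyStore()
    scoped = ProviderScopedStore(allowed=frozenset({"google", "other-provider"}))
    return (weak.login(GOOGLE), weak.login(OTHER),
            scoped.login(GOOGLE), scoped.login(OTHER), scoped.login(GOOGLE))
```

In the ident-only store both logins resolve to the same account; in the provider-scoped store they are separate accounts, and a provider outside the allowlist is rejected before any lookup.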
