Ask HN: Can my users prove they own a GitHub/LinkedIn account, would this work?

3 pointsdukedougal9y ago2 comments

I want my users to prove their identity, or at least go some way towards establishing trust by saying "see I can be trusted, look, these is my LinkedIn account and this is my GitHub account".

I could possibnly do this my requiring them to sign in via Oauth to those sites, but maybe it would be easier to give the user a random string and get them to put it somewhere like on a public github page, thereby proviong that they own the account.

I'm not sure, maybe there is somewhere on LinkedIn that a string could be placed that proves the user owns the account.

What do you think of that idea?

2 comments

andymurd9y ago

keybase.io do something similar with github - they give you a piece of text to publish as a gist. It seems to work for them.

niftich9y ago

Also, domain validated certificates issued by CAs work the same way: among a few other requirements, you publish a value provided by them at a specific relative URL on your domain.

j / k navigate · click thread line to collapse