undefined | Better HN

0 pointspphysch3y ago0 comments

What "lock in"? If I use Google OIDC for my app, there's nothing stopping me from automatically migrating every Google user to a local account pre-populated with their Google claims, or from mapping those users to different identities, and permanently disabling Google OIDC.

0 comments

5 comments · 3 top-level

donmcronald3y ago· 1 in thread

I've never used it, but they can ban your app token, right? So I assume you need to make sure you're keeping your own up-to-date copy of all claims you have access to.

> there's nothing stopping me from automatically migrating every Google user to a local account pre-populated with their Google claims

I wonder your user retention would look like in that situation.

dikei3y ago

> I've never used it, but they can ban your app token, right? So I assume you need to make sure you're keeping your own up-to-date copy of all claims you have access to.

That's why you should always provide multiple method of authentication.

A simple way is fetching your user email from the OIDC provider, then use it for username/password authn. It's less convenient, but it prevents user from being locked out in case something's wrong with OIDC.

api3y ago· 1 in thread

I’m talking about users. Can users change their login provider? Some apps allow this but most don’t.

clintonb3y ago

> Can users change their login provider? Some apps allow this but most don’t.

You answered your own question. This is an issue with the app creator not supporting multiple providers, not with OIDC.

alexvoda3y ago

Do you allow users to login with any identity provider they want by just providing a URL or do you lock them in to You, Google, and a few other options? You are not the one locked in, your users are.

The original vision for OpenID was for users to own their identity. They could choose their identity provider (including self-hosted) by providing a URL. But it got distorted into Google/MS/FB/Apple owning your identity.

j / k navigate · click thread line to collapse