
OAuth accounts

Open rglover opened this issue 4 years ago • 1 comments

Add support to accounts object for common OAuth providers:

```javascript
import ui, { accounts } from '@joystick.js/ui';

accounts.github();
accounts.google();
accounts.facebook();
accounts.twitter();
```

Would also be good to have a hook for defining your own OAuth accounts provider.

rglover avatar Oct 27 '21 16:10 rglover

Doing this the way you have for your own apps is the best way to go. Basically, we create a regular, email-based account for a user and generate a password like oauth_<32> and hash it like a normal password.

Why: this prevents a nightmare if/when the user deletes the OAuth provider account but wants to keep their account with our app. If that happens, this allows them to just reset the password for the account (which, by principle, converts it from an OAuth-only account to a password-based one).

In terms of data structure, users in the users collection/table should just get extra OAuth fields with the provider name. For SQL databases, I think relying on JSON structures for this is preferred.

rglover avatar Jul 24 '24 18:07 rglover
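
The account model described in the comment above, as an added sketch that is not Joystick's code and not part of the original thread. It assumes `oauth_<32>` means 32 random characters, uses Node's built-in scrypt as a stand-in for the app's normal password hashing, and every function and field name is hypothetical.

```javascript
// Added example: names and storage layout are assumptions, not Joystick's API.
const crypto = require('node:crypto');

// Stand-in for "hash it like a normal password" (assumption: salted scrypt).
function hashPassword(password, salt = crypto.randomBytes(16)) {
  const hash = crypto.scryptSync(password, salt, 32);
  return `${salt.toString('hex')}:${hash.toString('hex')}`;
}

function verifyPassword(password, stored) {
  const [saltHex, hashHex] = stored.split(':');
  const expected = Buffer.from(hashHex, 'hex');
  const actual = crypto.scryptSync(password, Buffer.from(saltHex, 'hex'), expected.length);
  return crypto.timingSafeEqual(actual, expected);
}

// Create a regular email-based user from an OAuth profile. The generated
// password is hashed and discarded, so nobody (user included) ever knows it.
function createOAuthUser(users, provider, profile) {
  const password = `oauth_${crypto.randomBytes(16).toString('hex')}`; // 32 hex chars
  const user = {
    emailAddress: profile.email,
    password: hashPassword(password),
    oauth: { provider, id: profile.id }, // would be a JSON column in SQL
  };
  users.set(user.emailAddress, user);
  return user;
}

// The ordinary reset flow: replacing the hash is what turns an OAuth-only
// account into a password-based one. The oauth fields are left in place.
function resetPassword(users, emailAddress, newPassword) {
  const user = users.get(emailAddress);
  if (!user) return false;
  user.password = hashPassword(newPassword);
  return true;
}

// Constructed sample data: an in-memory Map stands in for the users collection.
function demo() {
  const users = new Map();
  const user = createOAuthUser(users, 'github', { id: '12345', email: 'user@example.com' });
  const loginBeforeReset = verifyPassword('chosen-by-user', user.password);
  resetPassword(users, 'user@example.com', 'chosen-by-user');
  const loginAfterReset = verifyPassword('chosen-by-user', user.password);
  return { provider: user.oauth.provider, loginBeforeReset, loginAfterReset };
}

console.log(demo());
```

The reset step must go through the same verified-email flow as any other password reset, since it is the only way into the account once the provider login is gone.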