Theo's Typesafe Cult
Created by Betrayy on 1/17/2025 in #questions
Supporting multiple auth providers
This is more so a high level backend question, but I am wondering what is the expected behavior if I want to allow users to sign in to my app via Google, Discord, GitHub, and even just plain ole credentials (email + password).
Should I create a separate account for each provider that the user logs in with (regardless of the email), or should I do some sort of auto account linking where I would merge multiple providers into the same account if the email is the same? Unsure if that would impose an account hijacking issue or any other security issues.
Another potential edge case is that if I were to do account linking, say with Google and credentials, and the user changes their Google email, should I still honor the linkings because it's still the same Google account?
These are just some of the thoughts I had, so basically I am wondering if there's a standard way to handle supporting multiple auth providers.
31 replies
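
Added example, not part of the original post or its replies: a sketch of the linking decision the question describes, covering both the same-email merge and the changed-provider-email case. It assumes every provider returns a stable user id and an email-verified flag; `AccountStore`, `signIn` and the type names are hypothetical.

```typescript
// Added example; every name below is hypothetical, not from a real library.
type ProviderProfile = { provider: string; subject: string; email: string; emailVerified: boolean };
type LocalAccount = { id: number; email: string; emailVerified: boolean };
type SignInResult = { account: LocalAccount; action: "login" | "linked" | "created" };

class AccountStore {
  private accounts: LocalAccount[] = [];
  // "provider:subject" -> account. The link is keyed on the provider's stable
  // user id (assumed to be supplied by every provider), never on the email.
  private identities = new Map<string, LocalAccount>();

  // Email + password sign-up; emailVerified is true only after a confirmation step.
  register(email: string, emailVerified: boolean): LocalAccount {
    const account = { id: this.accounts.length + 1, email: email.toLowerCase(), emailVerified };
    this.accounts.push(account);
    return account;
  }

  signIn(p: ProviderProfile): SignInResult {
    const key = `${p.provider}:${p.subject}`;
    const email = p.email.toLowerCase();

    // 1. Known identity: still the same account even if the provider email changed.
    const known = this.identities.get(key);
    if (known) return { account: known, action: "login" };

    // 2. New identity: auto-link by email only when BOTH sides verified it.
    //    An unverified local sign-up or an unverified provider email proves
    //    nothing about who owns the address, so it must not trigger a merge.
    const match = this.accounts.find((a) => a.email === email && a.emailVerified);
    if (match && p.emailVerified) {
      this.identities.set(key, match);
      return { account: match, action: "linked" };
    }

    // 3. Otherwise keep the identities separate; they can be merged later by a
    //    user who is signed in to one account and proves control of the other.
    const account = this.register(email, p.emailVerified);
    this.identities.set(key, account);
    return { account, action: "created" };
  }
}
```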