Reputation: 51
Database structure for multiple authentication sources of users in a web app
I'm trying to work out how to structure a database schema that allows me to have multiple authentication sources for the same end-user.
For example, my web app would require users to sign in to utilize many of the functionality of features of the app. However, I do not want to be responsible for storing and authenticating user passwords.
I would like to outsource this responsibility to Google, Facebook, Twitter and similar identity providers.
So I would still need a database table of users, but no column for a password. However, these are authenticated would not be my concern. But I would still need to somehow associate my user with the identity providers user id. For example, if my user signs up with Google, I would store the users Google ID and associate this with my user. Meaning next time the user makes an attempt to login and is successfully authenticated at Google, I would make an attempt to find any user in my system that has this associated user id.
I've been trying to look for some common and recommended database structures, with no luck. Maybe I'm searching for the wrong terms for this because I cannot imagine that this is an uncommon way to do it. StackOverflow seems to do something similar.
The way I imagine it, it would allow me to associated multiple authentication sources for one app user. Meaning once I've signed up with Google, I can go to my settings and associate another account, for example, a Facebook account.
How should I go about achieving this in a flexible and clean way?
Thanks.
Upvotes: 5
Views: 2881
Answers (1)
Reputation: 1876
You need to know what data you have to save in your db to authenticate a user with a third party login. For example, once I used Google to login users in my app, I save Google user id first time a user logs in and get data the next time.
You could have an entity with third party providers, so you will create a table with 2 values, user_id (your user data) and provider_id (Google, facebook, twitter...).
If you are going to use just one provider then you could add provider_id field to your users table.
Upvotes: 1
Related Questions
- General Database Design for Authorization & Authentication Webservice that use in all range of application
- Database structure for multi-users web application
- Single Authentication Database for multiple applications
- Authentication Database Fields
- How to model a MySQL structure to deal with authentication? With users information separated
- Multiple Login area
- Table Design for Multiple Login Methods
- How to design database for authorization and authentication
- Users database structure that allows multiple simultaneous logins to same account
- Best way to handle user account authentication and passwords