Bugs Buggy

Reputation: 1546

Implementing OpenID along with your own authentication

I know design is subjective. But I wanted to know if this is a good idea?

Suppose I implement OpenID Connect in my application. I support sign in through multiple platforms. But now, suppose I need to maintain a database of my users for authorisation of resources on my server; or let's just say I need to store user preferences.

Is it a good idea to maintain a user's table and push data into it every time a user signs in using OpenID, or using my sign up/sign in API, using email ID of the user as the primary key (since that doesn't change) provided by OpenID?

What are some good ways to combine the two? What are some pros and cons of this? What are the best ways to support authorisation (of resources on my server) along with authentication using OpenID/OAuth?

Upvotes: 0

Views: 374

Answers (1)

Gary Archer

Reputation: 29218

It is a really good question and not covered well in many places.

TRACKING USERS

In terms of sign in via multiple platforms, a common pattern is to use the same authorization server for all types of login and 'federate' to different identity providers, with the following benefits:

  • Simpler code in your UIs and APIs
  • A single user id per user regardless of the sign in method

USER DATA

In the real world of business apps you often need to manage users and authorize requests via 2 sources of user data, as you indicate. A couple of my articles may provide some useful techniques:

Upvotes: 1
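
The sketch below is an added example, not code from either poster. It illustrates the answer's two points: one user id per user, and authorization drawn from two sources of user data. The local table is keyed on the token's `iss` and `sub` claims, scopes are read from the token, and role and ownership come from the table. The table layout, function names, scope name and issuer URL are assumptions, and the claims are assumed to have been validated already by an OIDC/JWT library.

```python
import sqlite3

SCHEMA = """
CREATE TABLE users (
    id       INTEGER PRIMARY KEY,   -- local id referenced by business data
    issuer   TEXT NOT NULL,         -- 'iss' claim: the authorization server
    subject  TEXT NOT NULL,         -- 'sub' claim: stable user id from that server
    email    TEXT,                  -- profile attribute, refreshed at each sign-in
    role     TEXT NOT NULL DEFAULT 'member',
    prefs    TEXT NOT NULL DEFAULT '{}',
    UNIQUE (issuer, subject)
);
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.row_factory = sqlite3.Row
    db.executescript(SCHEMA)
    return db

def sign_in(db, claims):
    """Find or create the local row for token claims that were ALREADY validated
    (signature, iss, aud, exp) by an OIDC/JWT library; that step is not shown."""
    key = (claims["iss"], claims["sub"])
    db.execute("INSERT OR IGNORE INTO users (issuer, subject) VALUES (?, ?)", key)
    db.execute("UPDATE users SET email = ? WHERE issuer = ? AND subject = ?",
               (claims.get("email"),) + key)
    db.commit()
    return db.execute(
        "SELECT * FROM users WHERE issuer = ? AND subject = ?", key).fetchone()

def authorize(db, claims, owner_id, required_scope):
    """Combine both sources: scope from the token, role and ownership from our table."""
    if required_scope not in claims.get("scope", "").split():
        return False
    user = sign_in(db, claims)
    return user["role"] == "admin" or user["id"] == owner_id

# Constructed sample claims (not real tokens); the issuer URL is a placeholder.
ISS = "https://login.example.com"
ALICE = {"iss": ISS, "sub": "a1b2", "email": "alice@example.com",
         "scope": "openid prefs:write"}
BOB = {"iss": ISS, "sub": "c3d4", "email": "bob@example.com", "scope": "openid"}
```

With a single federating authorization server the `iss` value is the same for every login method, so the `sub` claim acts as the one user id the answer describes.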
