Question - Any reason for OAuth being only available on signin's and not signups? #339

Closed
nate-oo opened this issue May 16, 2024 · 2 comments

Comments


nate-oo commented May 16, 2024

Just looking for some more context to help me better understand the Auth setup.

Question 1:
Is there a reason you chose to only allow OAuth social providers on signin forms and chose to exclude them from signup forms? Just wondering if this is opinionated or if there is an underlying reason that OAuth shouldn't be used for signups/account creations.

Question 2:
Also, if they sign up using email & password, then log out, and then come back to sign in but this time with OAuth, the only way that their accounts would link today would be through automatic linking if their social provider OAuth email is the same as what their email was upon email & password signup, correct?

If so, there is not much you can do there, right, except add a note on the signin page like:
"If you are choosing a different signin method, it must use the same email address that was used when you created your original account. Not doing so results in a new account and you might not have access to the same features.".

Rough example text there...quite long but illustrating the point.

Thanks, guys!
Nate


nyxb commented May 19, 2024

@nate-oo

Question 1: Using OAuth for Sign-Ups

There is no technical reason to restrict OAuth social providers to only sign-in forms and exclude them from registration forms. Supporting both registration and sign-in with OAuth can enhance user experience by providing more flexibility and reducing barriers to entry. This can lead to higher user adoption and a smoother onboarding process.

Question 2: Linking Accounts with Different Sign-In Methods

Yes, if a user initially signs up with an email and password, and later signs in with an OAuth provider like GitHub, the accounts can be automatically linked if the email addresses match. If the email addresses do not match, additional steps are required to link the accounts manually. Providing users with guidance can help avoid confusion and ensure accounts are properly linked.

Conclusion

Using both email/password and OAuth for authentication is feasible and can improve user experience and security. By providing clear instructions and leveraging Supabase's capabilities, you can create a seamless and secure authentication system.

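A simplified model of the email-match linking discussed in this thread, added here as an example; it is not code from this project or from Supabase. The function names, the in-memory user map, the sample accounts, and the rule of refusing to link when the provider has not verified the email are assumptions of this sketch.

```javascript
// Simplified model of email-based identity linking (assumption: not Supabase's code).
// All users and OAuth profiles below are constructed sample data.

function normalizeEmail(email) {
  return String(email || "").trim().toLowerCase();
}

// users: Map<normalizedEmail, { id, email, identities: string[] }>
// profile: { provider, email, emailVerified } as reported by the OAuth provider
function resolveOAuthSignIn(users, profile) {
  const email = normalizeEmail(profile.email);
  if (!email) {
    return { action: "reject", reason: "provider returned no email" };
  }
  const existing = users.get(email);
  if (!existing) {
    // No matching email: a separate account is created (the case Question 2 warns about).
    const user = { id: `user-${users.size + 1}`, email, identities: [profile.provider] };
    users.set(email, user);
    return { action: "created", userId: user.id };
  }
  if (existing.identities.includes(profile.provider)) {
    return { action: "signed_in", userId: existing.id };
  }
  if (!profile.emailVerified) {
    // Assumption of this sketch: an unverified provider email is never
    // attached to an existing account, since the match proves nothing.
    return { action: "reject", reason: "provider email not verified" };
  }
  existing.identities.push(profile.provider);
  return { action: "linked", userId: existing.id };
}

function demo() {
  const users = new Map([
    ["nate@example.com", { id: "user-1", email: "nate@example.com", identities: ["email"] }],
  ]);
  return [
    resolveOAuthSignIn(users, { provider: "github", email: "Nate@Example.com", emailVerified: true }),
    resolveOAuthSignIn(users, { provider: "github", email: "nate@example.com", emailVerified: true }),
    resolveOAuthSignIn(users, { provider: "google", email: "nate@example.com", emailVerified: false }),
    resolveOAuthSignIn(users, { provider: "google", email: "other@example.com", emailVerified: true }),
  ].map((result) => result.action);
}

console.log(demo());
```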


nate-oo commented May 20, 2024

Thanks, @nyxb! That helps clarify it for me.

@nate-oo nate-oo closed this as completed May 20, 2024