Just looking for some more context to help me better understand the Auth setup.
Question 1:
Is there a reason you chose to only allow OAuth social providers on signin forms and chose to exclude them from signup forms? Just wondering if this is opinionated or if there is an underlying reason that OAuth shouldn't be used for signups/account creations.
Question 2:
Also, if they sign up using email & password, then log out, and then come back to sign in but this time with OAuth, the only way that their accounts would link today would be through automatic linking if their social provider OAuth email is the same as what their email was upon email & password signup, correct?
If so, there is not much you can do there, right, except add a note on the signin page like: "If you are choosing a different signin method, it must use the same email address that was used when you created your original account. Not doing so results in a new account and you might not have access to the same features."
Rough example text there...quite long but illustrating the point.
Thanks, guys!
Nate
There is no technical reason to restrict OAuth social providers to only sign-in forms and exclude them from registration forms. Supporting both registration and sign-in with OAuth can enhance user experience by providing more flexibility and reducing barriers to entry. This can lead to higher user adoption and a smoother onboarding process.
Question 2: Linking Accounts with Different Sign-In Methods
Yes, if a user initially signs up with an email and password, and later signs in with an OAuth provider like GitHub, the accounts can be automatically linked if the email addresses match. If the email addresses do not match, additional steps are required to link the accounts manually. Providing users with guidance can help avoid confusion and ensure accounts are properly linked.
Conclusion
Using both email/password and OAuth for authentication is feasible and can improve user experience and security. By providing clear instructions and leveraging Supabase's capabilities, you can create a seamless and secure authentication system.
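The linking behaviour discussed in this thread, as an added example that is not part of the original posts and is not Supabase's implementation: a small in-memory model of what happens when an OAuth sign-in arrives for a matching or non-matching email. The function names, the `emailVerified` flag and the sample users are constructed, and requiring a verified address on both sides before linking is an assumption of this sketch.

```javascript
// Added illustration: a minimal in-memory model of email-based identity linking.
// Not Supabase's implementation; all names and sample data are constructed.
const normalizeEmail = (email) => email.trim().toLowerCase();

function resolveOAuthSignIn(users, identity) {
  // 1. This provider identity has signed in before: reuse its account.
  const known = users.find((u) => u.identities.some(
    (i) => i.provider === identity.provider && i.providerId === identity.providerId));
  if (known) return { action: "signed_in", user: known };

  // 2. Same email as an existing account: candidate for automatic linking.
  const email = normalizeEmail(identity.email);
  const match = users.find((u) => normalizeEmail(u.email) === email);
  if (match) {
    // Assumption of this sketch: link only when both sides have verified the
    // address, so a matching string alone never attaches a new login method
    // to an existing account.
    if (!match.emailVerified || !identity.emailVerified) {
      return { action: "verification_required", user: null };
    }
    match.identities.push({ provider: identity.provider, providerId: identity.providerId });
    return { action: "linked", user: match };
  }

  // 3. Different email: a separate account is created (the case the
  //    proposed sign-in note warns users about).
  const created = {
    id: users.length + 1,
    email,
    emailVerified: identity.emailVerified,
    identities: [{ provider: identity.provider, providerId: identity.providerId }],
  };
  users.push(created);
  return { action: "created", user: created };
}

// Constructed sample: one user who signed up with email and password.
function demo() {
  const users = [{ id: 1, email: "Nate@example.com", emailVerified: true,
    identities: [{ provider: "email", providerId: "nate@example.com" }] }];
  const gh = (providerId, email, emailVerified = true) =>
    ({ provider: "github", providerId, email, emailVerified });
  return [
    resolveOAuthSignIn(users, gh("gh-1", "nate@example.com")),        // linked to user 1
    resolveOAuthSignIn(users, gh("gh-1", "nate@example.com")),        // signed_in as user 1
    resolveOAuthSignIn(users, gh("gh-2", "other@example.com")),       // created user 2
    resolveOAuthSignIn(users, gh("gh-3", "nate@example.com", false)), // verification_required
  ].map((r) => [r.action, r.user ? r.user.id : null]);
}
```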