Justin Bess :: June 5, 2018
There is a problem with your third party login system
It seems to me, that developers are either overlooking the fallacy of third party login systems, or they are completely unaware of the potential pitfalls that they can cause. I know, it’s the 21st century, and we want to get things up and rolling pretty fast. Developing your own registration and login system is a lot of overhead, so why not stick with a newly alternative of a 3rd party login system? I mean, everyone has a facebook, right? So let’s just add a 3rd party login for facebook! Well, I hate to be the bearer of bad news, but not everyone has the profiles you designed for your third party login system. What if Facebook goes down, what if the government (or a foreign government) bans access (very possible). You’re limiting your possible user base in this case, and you will be helpless if the third party service goes down! Maybe this is a minor issue, maybe you aren’t too worried, because you actually have developed your own registration and login system (and if you have, kudos to you, you’re another step closer in the right direction). If the simple issues outlined above haven’t fully changed your mind, take note of this problem, which I have personally experienced (as well as a few close friends of mine). You have a user, John Doe, he uses the Github third party login feature on your site. He progresses and makes a well known name for himself on your site, he’s gotten several accomplishments, and enjoys his time on your site very much. Well, now John Doe faces an issue, ultimately forcing him to take action and remove his Github profile. Maybe his Github profile was even banned or hacked, who knows. Now, John Doe has ultimately been locked out of your site, because he’s been using this third party login system provided from Github!
If I were to add a third party login system to my site, to help combat this possible issue, I would require additional information during the sign up process, to verify a user at a later time, in case they can no longer log in via third party. I would also create an account option for all users signed in via third party services to port over all their user information into a local database, on my server, ultimately mitigating my users from having to use third party login systems if desired.