Ask HN: Thoughts on Only allowing login by OAuth
1 points by ninadmhatre 3381 days ago
I am in the process of releasing my webapp, which requires users to log in to my app first and create a profile, but instead of using my own login functionality I am relying only on OAuth, and I am allowing users to log in with Google/FB/Microsoft/GitHub/LinkedIn. The only information I want is their email address (and optionally first and last name). I am also displaying what information is received from the respective provider.

My reason for not implementing my own login is that it may not be as secure as the biggies in the business, I don't have to deal with the mess of the activation/reset password thing, and OAuth is fairly simple and less complicated to implement.

I sign up to other sites using OAuth just to avoid remembering another user/pass, but do you think it's a good idea to rely completely on OAuth?

I can add a help page link/button to assure users why I am using OAuth, but will it still affect user signups? BTW, all services will be free on my site.

3 comments

Really depends on what your app does/what field it is in (what do other apps in the space do?), and there are nearly always going to be users for which one of the two is not an acceptable solution.

For social type stuff, Facebook/Twitter seems quite established; with professional or technical tools I'd be more careful.

Yes, you are right. I am thinking of adding my own implementation. Thanks for your input, it was useful.

Curious if the app really needs login.

If it does, I would definitely favor using something well tested rather than trying to invent a new login process.

If it does not, I favor reducing the friction for finding users (which is different from the number of email addresses a site can collect) by making giving an email address opt-in.

Good luck.

It requires the login as I am collecting user data.

I never use the OAuth option personally. I wouldn't read a help page. I always offer both OAuth and email/password in implementations. I don't find managing my own logins difficult. Having said that, the percentage of users who opt for OAuth is much higher.

To be honest, even I think I should add my own login process, but that will require me to write the code, add a reset password link and manage the information. This is not a tricky part (2-3 days of effort), but I need to set up my mail on the server to enable sending mails. I am looking for an API to send mails.

Thanks for your input