
Ask HN: Thoughts on Only allowing login by OAuth - ninadmhatre
I am in the process of releasing my webapp which requires users to login to my app first and create profile but instead of using the own login functionality i am only relying on OAuth and i am allowing users to login with Google&#x2F;FB&#x2F;Microsoft&#x2F;GitHub&#x2F;Linked-In. Only information i want is their email address (and optionally First &amp; Last name). I am also displaying what information is received from respective provider.<p>My reason for not implementing my own login is it may not be as secure as the biggies in the business, i don&#x27;t have to deal with the mess of activation&#x2F;reset password thing, OAuth is fairly simple and less complicated to implement.<p>I signup to other sites using OAuth just to avoid remembering another user&#x2F;pass, but do you think its a good idea to completely rely on Oauth?<p>I can add the help page link &#x2F; button to assure user why i am using OAuth but still will it affect the user signups and BTW all services will be free on my site.
======
detaro
Really depends on what your app does/what field it is in (what do other apps
in the space do?), and there are nearly always going to be users for which one
of the two is not an acceptable solution.

For social type stuff, Facebook/Twitter seems quite established, with
professional or technical tools I'd be more careful.

~~~
ninadmhatre
yes, you are right. I am thinking of adding my own implementation. Thanks for
your input, it was useful.

------
brudgers
Curious if the app really needs login.

If it does, I would definitely favor using something well tested rather than
trying to invent a new login process.

If it does not, I favor reducing the friction for finding users (which is
different from the number of email addresses a site can collect) by making
giving an email address opt-in.

Good luck.

~~~
ninadmhatre
it requires the login as i am collecting user data.

------
davidfm
I never use the OAuth option personally. I wouldn't read a help page. I always
offer both OAuth and email/password in implementations. I don't find managing
my own logins difficult. Having said that, the percentage of users who opt for
OAuth is much higher.

~~~
ninadmhatre
to be honest, even i think i should add my own login process but that will
require me to write the code/add reset password link and manage the
information. this is not a tricky part (2-3 days of efforts) but i need to
setup my mail on server to enable sending mails. i am looking for API to send
mails.

Thanks for your input

