Hacker News new | past | comments | ask | show | jobs | submit login

For my last two companies (both B2B), I implemented login via Google accounts only. Google login has a number of advantages:

1) Identity is an email address. If I wanted to rip out Google, or Google kicked me off the platform, all I need to do is add passwords and put a "forgot my password" link and my customers continue business as usual.

2) It's not a google-specific email address. You can create Google accounts for any email address.

3) Google login effectively lets other businesses federate their auth system with ours. When they terminate their ex-employee's @example.com account, the employee loses access to their resources at my company.

I don't think you could get away with this for a consumer company; too many people have strong feelings about FB/G/Apple/whatever. But it's fantastic for B2B.

For #2. You can use any email address for an iCloud account also.

point 3 is only true for G Suite customers - if someone is on O365 and signs up for Google normally with their company account, they can access that email after their company turns off access to the email unless they also specifically reset the Google password.

To be fair - you end up with G Suite, Okta or O365 endpoints for B2B. Apple isn't even on the radar there.

#1 is only sort-of true. You can get access to their current email, yes, but the email can change and you should be keying by the Google account ID really.

Can you educate me on what you mean by Google accounts only? I thought Google auth was just OAuth.

They have chosen to have their site or app only allow login with Google accounts, they don't support any other form of authentication.

It's a choice they made, nothing specific to Google or OAuth.

I use the Google sign in javascript:


There may be other options if you want to mess with oauth yourself, but this one is pretty near zero effort.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact