Due to the use of OAuth for authentication, it's entirely possible at a future date that we may have more than one OAuth provider supported (Google, Facebook, Twitter, GitHub, etc.). We need to define what information we'll actually be storing.
Currently Google provides us with an ID, email address and the user's name.
Which of these fields are permanent, and which are transient?
Factors to consider:
I do not know if the ID is globally unique or provider specific (i.e. will Google and Facebook both have an ID of 23934571239245?). If so, we can't use that as an identifying key without making it a composite and tracking the provider as well.
Email addresses are tied to the provider; I created a Google account with my employer's email address which I can use for OAuth, despite them not being affiliated in any way.
Email addresses are non-unique between providers: my OAuth for Twitter, Facebook and Google are all the same email address.
Providers provide us with REAL names (in the case of Google), not usernames. If we allow the user to create a username, that means we need a full signup process. This is presumably a one-time setting.
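Added example, not part of the original post or the project's code: one way to store identities so the factors above cannot cause account mix-ups. It assumes the provider ID is unique only within its provider and treats email and name as values refreshed on each login; all table, column and function names are hypothetical.

```python
import sqlite3

SCHEMA = """
CREATE TABLE users (
    id       INTEGER PRIMARY KEY AUTOINCREMENT,  -- internal key, never from a provider
    username TEXT UNIQUE                         -- set once at signup, NULL until then
);
CREATE TABLE identities (
    provider TEXT NOT NULL,                      -- e.g. 'google', 'facebook'
    subject  TEXT NOT NULL,                      -- the ID the provider returned
    user_id  INTEGER NOT NULL REFERENCES users(id),
    email    TEXT,                               -- assumed transient
    name     TEXT,                               -- assumed transient
    PRIMARY KEY (provider, subject)              -- composite key: provider + ID
);
"""

def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def login(conn, provider, subject, email, name):
    """Return the internal user id for (provider, subject), creating it if new."""
    row = conn.execute(
        "SELECT user_id FROM identities WHERE provider = ? AND subject = ?",
        (provider, str(subject)),
    ).fetchone()
    if row:
        # Known identity: refresh the fields the provider may have changed.
        conn.execute(
            "UPDATE identities SET email = ?, name = ? WHERE provider = ? AND subject = ?",
            (email, name, provider, str(subject)),
        )
        return row[0]
    # New identity: never match on email, which is not unique across providers.
    user_id = conn.execute("INSERT INTO users (username) VALUES (NULL)").lastrowid
    conn.execute(
        "INSERT INTO identities VALUES (?, ?, ?, ?, ?)",
        (provider, str(subject), user_id, email, name),
    )
    return user_id

if __name__ == "__main__":
    db = open_db()
    # Constructed sample values; the ID is the one quoted in the post above.
    a = login(db, "google", "23934571239245", "me@example.com", "Sample User")
    b = login(db, "facebook", "23934571239245", "me@example.com", "Sample User")
    print(a, b)  # two different internal users despite identical ID and email
```

Linking two provider identities to one user would be an explicit step taken by an already signed-in user, not something inferred from a matching email.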