After digging into auth and despite all the progress the industry has made, it's still pretty complicated.
Here's my thinking:
Offer the user multiple choices: Email/Password with me, Google, Facebook
I don't really want to run my own OAuth2 service but I might.
If I were building a real ecom app, I'd want to get users to give me their email instead of having to go through a 3rd party. Then again, having Google/FB login is a better user experience. Most users don't use something like a password manager, so they're less likely to remember and more likely to reuse a password, which means the site is more likely to get breached if that data is leaked.