[Discuss] Don't save credentials for non-email providers

[samtstern]

The SmartLock team has learned over the years that IDP credentials that don't include a password or token actually do more to confuse than help.

We could change our strategy:

• Only save email credentials
• ^ and also save Google credentials since we can use them to get an ID token
• ^ and also save Phone number credentials

But I don't think Facebook or Twitter credentials really have any value.

[SUPERCILEX]

Huh, I thought I had responded to this, but I guess not. Anyway, I totally agree with you! 😄 In fact, I just ran into this a week or so ago: Smart Lock auto signed me in to Twitter which was really confusing since they aren't the best provider and use a Webview without autofill support. TL;DR: it was annoying and I would have much preferred Google or email sign-in which would have been faster. To compromise, I created #1166 which still saves the credentials so users know they have an account with an app, but it doesn't suggest using unpleasant IDPs to optimize the UX flow.

[samtstern]

This issue has been fixed and released in 3.3.0.