pow-auth / pow_site

Website for Pow
https://powauth.com
MIT License

Guide on unified sign in and registration logic #12

Open danschultzer opened 4 years ago

danschultzer commented 4 years ago

An elixirforum post prompted this idea.

Apple and Google have an auth flow where the user first enters their user id and then, depending on whether the user exists, is prompted for their password or registration details.

Stripe, however, has a different approach that might be more secure (thinking about info leakage). Registration and sign in work exactly the same. A new user will be created if the user id hasn't been taken, otherwise it'll authenticate. There can still be both a "Sign in" and "Registration" page, but the same logic will be used for both. This method does make the confirm_password field obsolete, and would require that only user id and password are required for initial account creation.

The guide can maybe also be combined with anonymous sign up (temporary accounts that will ask the user to input credentials to store the account permanently).
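
A sketch of the unified logic described in this issue, added here as an example; it is not code from the issue or from Pow. The `UnifiedAuth` module, its function names, the in-memory user map, the response tuples and the PBKDF2 parameters are all assumptions made for illustration.

```elixir
defmodule UnifiedAuth do
  # Hypothetical module for illustration; it does not use or mirror Pow's API.
  # `users` is an in-memory map of user id => {salt, password_hash}.
  @iterations 100_000

  # One entry point serves both the "Sign in" and the "Registration" page.
  def sign_in_or_register(users, user_id, password) do
    id = user_id |> String.trim() |> String.downcase()

    if id == "" or password == "",
      do: {:error, :invalid_credentials, users},
      else: lookup(users, id, password)
  end

  # The client gets the same response for a new and an existing account.
  def client_response({:ok, _kind, _users}), do: {:redirect, "/"}
  def client_response({:error, :invalid_credentials, _users}), do: {:render, "Invalid credentials"}

  defp lookup(users, id, password) do
    case Map.fetch(users, id) do
      {:ok, {salt, stored}} ->
        if secure_equal?(hash(password, salt), stored),
          do: {:ok, :authenticated, users},
          else: {:error, :invalid_credentials, users}

      :error ->
        # Unknown id: create the account. No confirm_password is involved.
        salt = :crypto.strong_rand_bytes(16)
        {:ok, :created, Map.put(users, id, {salt, hash(password, salt)})}
    end
  end

  # Both branches of lookup/3 derive the key exactly once.
  defp hash(password, salt), do: :crypto.pbkdf2_hmac(:sha256, password, salt, @iterations, 32)

  # Constant-time comparison of two equal-length binaries.
  defp secure_equal?(a, b) when byte_size(a) == byte_size(b) do
    diff =
      Enum.zip(:binary.bin_to_list(a), :binary.bin_to_list(b))
      |> Enum.reduce(0, fn {x, y}, acc -> :erlang.bor(acc, :erlang.bxor(x, y)) end)

    diff == 0
  end

  defp secure_equal?(_a, _b), do: false
end

# Constructed sample input; each match fails loudly if the outcome differs.
{:ok, :created, users} = UnifiedAuth.sign_in_or_register(%{}, "Ada@example.com", "correct horse")
{:ok, :authenticated, users} = UnifiedAuth.sign_in_or_register(users, "ada@example.com", "correct horse")
{:error, :invalid_credentials, _} = UnifiedAuth.sign_in_or_register(users, "ada@example.com", "wrong")
```

With this flow a mistyped user id creates a fresh account instead of failing, so a guide built on it would also need a step, such as e-mail confirmation, that lets the user notice.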