I'm writing a web application with a Google OAuth requirement.
Do you think I need a "traditional" login (user/password) or if I store the emails and access tokens, encrypted, is enough?
All my users has a Google Account.
Asked
Active
Viewed 329 times
1
-
1Hi, this question is off topic. StackOverflow is for objective questions about an actual programming problem that you're facing. Instead, I urge you to search the archives of [Programmers SE](http://programmers.stackexchange.com) as I'm sure your question has been asked there already in some form or another. Good luck! – jmort253 May 20 '12 at 19:35
-
OAuth authenticates between your app and the api, it does nothing for the security of the data on your site. – May 20 '12 at 19:37
-
@Dagon uhm, yes... but I mean, if I can verify that I have that user authenticated through OAuth, I don't need store new passwords for my own, don't you think? There are many services that allow various OAuth authetications and the user/pass is accessory – rubdottocom May 20 '12 at 19:40
-
I won't vote to close because I think a good answer here would be beneficial to SO as far as "How is OAuth used [correctly]?". In any case, see: http://stackoverflow.com/questions/3376141/openid-vs-oauth , http://en.wikipedia.org/wiki/OAuth (On the other hand, I would not be surprised if this *was* a duplicate question...) – May 20 '12 at 19:42
-
i don't know enough about your site to answer that, but generally i would say no. – May 20 '12 at 19:42