How to handle multiple openIDs for the same user
- by Sinan
For my site I am using a login system much like the one on SO. A user can login with his Facebook, Google (Gmail openID), Twitter account.
This question is not about specific oAuth or openID implementations.
The question is how to know if the same user logins with different providers.
Let me give an example:
Bobo comes to site logins to site by clicking on "Login with Facebook". Because this is his first visit we create an account for him.
Later Bobo comes to the site. This time he clicks on "Login with Google". So how do I know if this is the same person so I can add this provider to his account instead of creating a new (and duplicate) account.
Can I trust solely on email?
What is the best way to handle this. How does SO do it?
Any ideas?