I am currently using federated authentication via openid in appengine - using google, yahoo, myopenid as the providers
Had a question as to what I should be storing in my db to identify returning users. I am currently storing user.getNickname() - (for google and yahoo this returns the users email address).
User user = userService.getCurrentUser();
String username = user.getNickname();
I use this to store and retrieve user specific data.
Is this the right way to proceed? Is the getNickName() unique? I see that User also has a user.getUserId() method and a user.getEmailId() method.
should I be using user.getUserId() instead?
getNickname()
- don't use this.getUserId()
- this is logical, but the problem could be if users forget which identity they used with your site (I have multiple accounts with google, plus yahoo and facebook). This could lead to creating multiple account for one person. But then, some people want this. Also, this remains the same for Google users even if they change their email.'getEmail()` - is actually similar to ID - uniquely identifies user. CAN be different then ID if users use alias email to log in.
Anyhow, when users log in for the first time you should present them with Account Details page (like SO does). Also, you should give users ability to aggregate identities into one account.