My plan for this web app is that it needs the user to log in with LinkedIn, and the user’s id on the site and database is their LinkedIn id.
So, the most convenient and elegant thing would seem to be to have no “native” login at all, and just have the user log in with LinkedIn from the start.
Having seen recent disaster for Twitter api developers, I now wonder if this is considered too risky. I am assuming that it is allowed by LinkedIn (haven’t checked that yet).
Alternatives could be:
- native login then login with LinkedIn after that.
- OpenId login and then login LinkedIn after that.
- Somehow have a backup login incase linkedin kicks me off.
Any thoughts on the main idea or alternatives? Any other ideas?
As soon as you require a user to create a native login, you’re making the usability of your app more challenging IMO. I hate, hate, hate it when I’m forced to create a new account on a site when a single button press would work.
Of course, usability would be at near zero in the unlikely circumstance that LinkedIn’s provider no longer works for your app. So, there are tradeoffs.
Does LinkedIn provide access to the user’s e-mail address when you authorize them? If that’s the case, you could just login with LinkedIn. If LinkedIn’s provider no longer works for your app, you could send users an email with a temporary password in an authoritative way. If they don’t provide an e-mail address via their provider, then you’ll be forced to collect it separately directly from the user (and potentially verify it in case the user made a typo or something).