I have a Web Application that permits user to register though a normal HTML Form, or via Facebook or Google. The question is what password should I store in the database, because even if the OAuth provider gives me relevant information like email, name, age, etc... It Obviously does not give you a password. What would be the correct password to store in Database? I have a few ideas:
- Generate a Random one and send it through email (Not very secure)
- Add an empty string. (They will never be able to login using a password because on acceptin login request I validate that password should contain more than 5 characters, this sounds like a very hacky way to do it)
- Make it compulsory to fill in a password after registering through OAuth provider.
Any Thoughts?
via Chebli Mohamed
Aucun commentaire:
Enregistrer un commentaire