When your site needs user registering (e.g. to track some activity, perhaps, learning progress as in my case) - you probably first implement simple login/password system.
You soon found that:
- some users directly ask to provide OAuth login via Facebook or Twitter for example - for they don't like remembering another one password or sharing email
- also it is not that easy to manage login/password system as you need to implement "forget password" emailing and probably password cleverness check.
But which OAuth to choose. Stackoverflow, for example, had over dozen options. My own site (codeabbey) uses three:
Of course some people don't like OAuth and suspect it can steal their accounts. For this it is good to have some explanatory text near login form. Really it is much safer for users (and easier for you) because your site doesn't need to store any emails, hash passwords and thus no secrets could be spilled even if your site is hacked.
There are at least two sides of the question:
- What method is most convenient for your typical users
- What method is not too inconvenient for you as site maintainer.
Below I share my thoughts and observations for 3 popular methods - Facebook, Gmail, Github. Hopefully someone can share few others, e.g. about Twitter.
The social network with over 2 billion "monthly active" users, so (with earth population at 7 billion) great chance is you users have FB account.
Unless the site is for some location-specific users - e.g. in my native country FB is not the most popular social network.
With some additional permits you'd be able to get url to user's FB account also.
Disadvantage over years of using it, there were several times when FB sends warnings about API update and deprecation. Last email was about "critical error on your site" without comprehensible explanation (it appeared FB login won't work from plain http version of site nowadays, but that's not bug, rather their decision). Thus it requires some care in some unpredictable moments. It's a bit annoying - no one wants users to become suddenly unable to use their accounts - and it may happen that over years you forgot the details of implementation and need time to recollect.
Also it's API is a bit more weird, especially JS-backed form. Not sure if anything was improved.
Google also has comparable user base. It never required any care after years. It just works.
Disadvantage there is no link to any social profile (even while
Google+ was working it was useless). There is some API which can give google user identifier / email additionally.
This is of course specific - good if your users are related to IT, software development etc.
But you get link to github profile at once. I never needed to improve or change anything in years after I added it to site. Also it is (my personal opinion) slightly easier to implement then both others.
It was one of the first providers, as I remember (perhaps before OAuth itself), and it still has a lot of accounts. However, before I decided about adding this to site, I've seen StackOverflow ending using it - and this made me thought that I can spare efforts and don't try this.
Seemingly rival identity services provided by social networks made this option barely useful and it seems like becoming dying / marginal slowly.