What are the most relevant techniques to implement user authentication?
The commonly used ones that I have been able to figure out are:
Username, Password
Asks user to provide a username and password, but this does not have implicit ways to capture any user information. The only way for that may be to have additional forms asking for details like first name, last name, dob, etc.
SSO / Oauth
Google, Github, Facebook etc - these may be used to fetch some information about the user from their accounts.
Magic link
This is somewhat confusing, although the use is pretty straight forward. In certain websites for e.g. while Signing Up the magic link is sent to the user's email address. Upon clicking on the link, the user is prompted to enter that "email's" password within the context of the website/application.
This seems scary at the very least because of the absence of the SSO / Oauth like UI/interface. Once authentication is verified, user information may be fetched by looking up the response. A typical response that Passport for Google sends is:
Multi Factor Authentication
This also may not provide any implicit ways to retrieve/fetch user information.
Any other ways to implement authentication?
Also, is there a best practices list for "user information" most commonly fetched after any authentication techniques return a verified user?
Top comments (0)