Hacker News new | past | comments | ask | show | jobs | submit login

This seems like a nice user experience, but I'd be worried about leaking which email address has an account with us.



Wouldn’t the sign in mechanism (which validates e-mail) prevent this, in the sense than they won’t be able to get a third-party account to authenticate with for a particular e-mail without verifying ownership of that e-mail to the third-party provider?


You address this by only linking accounts once a user has successfully signed in with another provider. That way if their email exists from another provider, you're more certain that it's the same account




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: