Enzo Learns: Part 7, Analyzing Quora’s login scheme
For the past few days, I have been researching heavily on how to authenticate my API and as well as managing 3rd-party logins.
Aside from a local signup, (the default sign-up process on most websites) I have been planning to integrate a Login with Facebook, Google, and Twitter on my Side project.
I’ve spent most of my time reading about OAuth, JWT, and Passport.js since yesterday. I’ve also been exploring blogs on dev.to, on Medium and I haven’t found any real straightforward answer to my questions.
And so, I decided to analyze how Quora handles their login schemes.
Continue with Google
First off, I remember creating an account using the Continue with Google option. So using the same button, there are no problems being presented when I try to login after creating an account.
This time, I tried to log-in normally (using the email and password field) on the right hand side. Of course, I didn’t (you can’t. It just makes an account for you) set a password when I signed up with Google so an error message said that my password is incorrect. I tried using an invalid email and I concluded that it recognizes the email I used using Google.
In other words, when I signed up using google, it also gave me an email to use for logging in locally.
What happens if I reset my password?
I did not let my curiousity stop there. And so I tried to reset my password. At first, I thought it isn’t working. I almost tried to report a bug but then I got the barrage of emails after a few minutes. Maybe after 5, or 10 minutes, I’m not sure.
Anyway, I tried to reset my password and it went on smoothly.
What happens next?
Next, I tried to log-in using the newly set password. Sure enough, it logged me in. So does that mean my Google integration is gone?
Of course, I ventured to find this out. I logged out once again and tried to login using Google this time. Unexpectedly, I can still login via Google.
So right now, I can login via 2 methods. Google, and Local (traditional form-y way).
Continue with Facebook
Of course, I didn’t stop there. I tried logging in using Facebook, (I have same email address used in Facebook and Google) and sure enough, it logged me in again.
What does that mean?
I can now log in via 3 methods: Google, Facebook, and Local.
How can this information help me?
In conclusion, we can safely assume that once you sign-up for an account in Quora, they will give you a unique email address (your email) and then you can combine that as well with any other 3rd-party means such as Facebook login and Google login. This just means your login would work alongside one another.
Having observed this, I will try to implement it in my Side project. I didn’t expect user authentication to be so high-level and daunting! I want to code alreaaaaadyyyyy!
If you are reading this, thank you for reading until the end, and as always, see you on my next posts!
