I’m currently developing a website. Visitors can sign in with their Twitch account. I’m currently recognizing already registered users using their Twitch ID. Is this good practice? I just want rest assured that ids of Twitch users cannot change, so I can use this as a reliable source to recognize users later when they login again.
I would use an ID that you generate on a per-user basis just in case of changes or attacks that target your user database. Make it less identifiable that way.
Upon first login I already save a generated ID (the ones I maintain myself) and the Twitch ID to the users database entry. I’m using the Twitch ID to recognize the user on further logins, but all relationships to the users e.g. posts, likes etc. reference to the ID I generated myself.
Does this approach follow your recommendations? Did I understand you correctly?
My problem has been solved, DallasNChains, thanks a lot (also to everybody else). I don’t want to burden you with details, except if you just ask out of interest.