Google OAuth is broken (sort of)

1 year ago (trufflesecurity.com)

If you are creating a product—or, really, any web site that uses OAuth or SAML for logins—please do _not_ use the user’s email address as an identifier. The OAuth claim (or SAML Assertion) will include some other way to uniquely identify the user. Do not assume a user’s email is constant.

For bonus points, support SCIM (https://scim.cloud/), allowing your customers to automatically create and delete users.
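
An added example, not part of the original comment: local accounts keyed on the issuer and subject pair (the OpenID Connect `iss` and `sub` claims), with email kept as a mutable attribute. `AccountStore`, `login`, `demo` and all issuer, subject and email values are constructed for illustration, and the claims are assumed to come from an ID token that has already been validated.

```python
from dataclasses import dataclass, field


@dataclass
class Account:
    account_id: int
    issuer: str
    subject: str
    email: str  # contact attribute only; refreshed on each login


@dataclass
class AccountStore:
    """Hypothetical in-memory store standing in for a users table."""
    by_identity: dict = field(default_factory=dict)  # (iss, sub) -> Account
    next_id: int = 1

    def login(self, claims: dict) -> Account:
        # Assumption: signature, issuer, audience and expiry of the token
        # carrying these claims were checked before this call.
        key = (claims["iss"], claims["sub"])
        account = self.by_identity.get(key)
        if account is None:
            # First login for this identity: create a new local account.
            account = Account(self.next_id, key[0], key[1], claims.get("email", ""))
            self.by_identity[key] = account
            self.next_id += 1
        else:
            # Same identity, possibly a new address: update the attribute.
            account.email = claims.get("email", account.email)
        return account


def demo() -> dict:
    """Run three constructed logins and return the account ids they map to."""
    iss = "https://idp.example"  # constructed issuer
    store = AccountStore()
    alice = store.login({"iss": iss, "sub": "1001", "email": "alice@corp.example"})
    # The user's address changes; the subject does not, so the account is kept.
    renamed = store.login({"iss": iss, "sub": "1001", "email": "alice.smith@corp.example"})
    # The old address is later assigned to a different person (new subject).
    reuse = store.login({"iss": iss, "sub": "2002", "email": "alice@corp.example"})
    return {"alice": alice.account_id, "renamed": renamed.account_id,
            "reuse": reuse.account_id, "accounts": len(store.by_identity)}


if __name__ == "__main__":
    print(demo())
```

A lookup keyed on email would have split the renamed user into a second account and handed the first account to whoever later received the old address.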