Comment by crote
1 year ago
Just use an integer or GUID or something as primary key. It is still totally fine to use an email address as username, of course - just keep a separate email-to-user mapping and don't use the email itself as primary key.
Treat the email address like a name field: it's probably not going to change, but don't make it impossible to do so when someone wants to.
> Just use an integer or GUID or something as primary key
We're not talking random apps and services, we're talking about the big providers that are commonly used for SSO, where "just change ur primary key" is wildly impractical at best, and more likely impossible at their scale. That ship, as it were, has already sailed.
Those providers already don't use email addresses as their primary key: their login APIs all allow you to get access to an underlying ID of the user (I say "an" as, in the case of Facebook at least, they no longer give you the global one but map you to an application-specific one, to prevent 3rd party apps doing correlation).
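The design discussed in this thread, as an added example that is not part of any commenter's post: an integer primary key, with the email address kept as a unique but changeable lookup column and the SSO provider's underlying user ID mapped separately. The table names, the `examplesso` provider and all sample values are constructed for illustration.

```python
import sqlite3

# Constructed schema: everything references users.id, never the email itself.
SCHEMA = """
CREATE TABLE users (
    id    INTEGER PRIMARY KEY,                 -- stable surrogate key
    email TEXT NOT NULL UNIQUE COLLATE NOCASE  -- login name, allowed to change
);
CREATE TABLE sso_identities (
    provider TEXT NOT NULL,
    subject  TEXT NOT NULL,                    -- provider's underlying user ID
    user_id  INTEGER NOT NULL REFERENCES users(id),
    PRIMARY KEY (provider, subject)
);
CREATE TABLE documents (id INTEGER PRIMARY KEY,
    owner_id INTEGER NOT NULL REFERENCES users(id), title TEXT NOT NULL);
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")
    db.executescript(SCHEMA)
    return db

def create_user(db, email, provider=None, subject=None):
    uid = db.execute("INSERT INTO users (email) VALUES (?)", (email,)).lastrowid
    if provider is not None:
        db.execute("INSERT INTO sso_identities VALUES (?, ?, ?)", (provider, subject, uid))
    return uid

def _one(db, sql, args):
    row = db.execute(sql, args).fetchone()
    return row[0] if row else None

def user_by_email(db, email):
    # Email works as the username: it is a lookup key, not the identity.
    return _one(db, "SELECT id FROM users WHERE email = ?", (email,))

def user_by_sso(db, provider, subject):
    return _one(db, "SELECT user_id FROM sso_identities"
                    " WHERE provider = ? AND subject = ?", (provider, subject))

def change_email(db, user_id, new_email):
    """Update one column; returns False if another account holds the address."""
    try:
        db.execute("UPDATE users SET email = ? WHERE id = ?", (new_email, user_id))
        return True
    except sqlite3.IntegrityError:
        return False
```

Changing the address touches a single row in `users`; rows in `documents` and `sso_identities` keep pointing at the same `id`.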