-
-
Notifications
You must be signed in to change notification settings - Fork 1
User IDs and email addresses
Authwave uses email addresses as the primary identifier, but should not be used as the key when storing references to users in your application.
Even though it is true that one email address can only ever represent one user, it is possible that a user may want to change their email address at any point, or use multiple email addresses.
This is why Authwave provides an id field for every user, which is a globally unique identifier that will not change if the user decides to change their email address. IDs are consisted of between 32 and 64 alpha-numeric characters (represented by regex /[a-z0-9]{32,64}/). The current implementation (April 2020) provides IDs of 32 characters in length, but the extra length should be reserved for future releases.
IDs are non-sequential and non-deterministic. This means that it is safe to disclose the IDs to the user through your application's interface (in URLs, hidden form fields, etc.).
When your application needs to access the user's email address, this can be done by querying the Authwave API as and when the email address is required. It is advised that client applications never store the user's email address, removing the issues surrounding changing email addresses and data protection legislation.