Applications that implement a "Sign in with ..." flow must not use a mutable identifier to match external users to the internal user management system. Several web applications implementing "Sign in with GitHub" have been found to be vulnerable to this.
This is the first blog post of a multi-part series about control on the web. The goal of this series is to be the go-to guide for anyone that needs help with setting up access control (authentication & authorization) for their web application.
Read this guide to learn how to implement authentication and authorization for mobile, browser, and native apps with better user experience and buffed security.