A free oauth solution?

I need to use discourse as one of a set of tools for a project. I need to have one oauth solution that identifies/authorizes a user across several platforms (discourse, mediawiki, consul project, and others) with a single identity/credentials.

One of the requisites for my project to be successful is that every user must operate under a verified and verifiable identity at all times. No anonymity allowed.

I was thinking of just using Outlook/Gmail/Github id as oauth login providers, since they are free and very common. The problem is that, even If I can do a manual KYC type verification upon signup (something very simple, such as "send me a picture of you next to your id to verify you are who you say you are), these platforms allow users to change names within their respective providers. So, for instance, someone who was verified as being John Doe, and thus allowed to operate within Dscourse/Mediawiki/Consul under than name, can still change his name from his Gmail/Outlook account and start operating under a different name in my platform, which could take time to detect and could potentially cause an undetermined amount of harm.

So, do you know of any oauth, single sign on solutions that allow me to verify someone’s identity AND limits the ability to change his identity afterwards?

A sub question to this is, can I limit user name changes within discourse?

Help will be much apreciated.

1 Like

Discourse uses the email address as the identifier. If you do something more to check their identity, then you know it’s that person. I’m not clear how it I were to change my name it would make me a different person. What damage is done if Jay Pfaffman changes their Gmail name to Jay A. Pfaffman? Or anything else?

Discourse by default will ignore what name they set on Gmail anyway.

You can disallow changing usernames.