Poor Software Product Management Chronicles: E-Auth, I-Auth, OAuth, Fuck Off
From the “This Is Why We Can't Have Nice Things” department.
When you are registering or logging into an online or app service and they provide a button or link to “Log In Using #Google/#Microsoft/#Facebook”, the service is using what they call an OAuth provider. Technically only #OAuth2 is used these days, but it's all the same thing – see [https://en.wikipedia.org/wiki/OAuth]
How OAuth or Open Authentication works is:
- Service needs/wants you to register or login
- If Service – or you – don't want yet another account to maintain, then you can choose to “Log In Using” Google/Microsoft/Meta/LinkedIn/any OAuth provider that Service cares to support
- Service redirects your registration/login to Google/Microsoft etc. (let's call them OAuth Provider)
- Service asks OAuth Provider to vouch for you as a person and gives a list of info that Service needs
- OAuth Provider handles all the hard stuff like 2Factor, password resets, and asks your permission for all the info that Service wants to see (or change)
- If you satisfy OAuth Provider and give the right permission, OAuth Provider redirects you back to Service
- OAuth Provider ALSO gives Service a token, which allows Service to access (or modify) your info at Provider that it had asked for.
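The steps above as an in-memory simulation of both sides, added here as an illustration (not code from any real provider or service). The `Provider` and `Service` classes, the `example` URLs and the client id are constructed, and client authentication at the token step is left out.

```python
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

def query(url):
    return {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}

class Provider:
    """Simulated OAuth provider: in-memory only, no real endpoints."""
    def __init__(self):
        self.codes, self.tokens = {}, {}

    def authorize(self, url, user, consent):
        # Provider authenticates the user (2FA etc. would happen here) and asks consent.
        q = query(url)
        reply = {"state": q["state"]}
        if consent:
            code = secrets.token_urlsafe(16)
            self.codes[code] = (q["client_id"], user, q["scope"])
            reply["code"] = code
        else:
            reply["error"] = "access_denied"
        return q["redirect_uri"] + "?" + urlencode(reply)   # redirect back to Service

    def token(self, client_id, code):
        issued_to, user, scope = self.codes.pop(code)        # a code is single-use
        if issued_to != client_id:
            raise PermissionError("code was issued to a different client")
        tok = secrets.token_urlsafe(16)
        self.tokens[tok] = (user, scope)                     # token covers only the consented scope
        return tok

class Service:
    def __init__(self, provider):
        self.provider, self.pending = provider, set()

    def login_url(self):
        state = secrets.token_urlsafe(16)                    # binds the callback to this attempt
        self.pending.add(state)
        return "https://provider.example/authorize?" + urlencode({
            "response_type": "code", "client_id": "service-app",
            "redirect_uri": "https://service.example/callback",
            "scope": "email profile", "state": state})

    def callback(self, url):
        q = query(url)
        if q.get("state") not in self.pending:
            raise PermissionError("callback does not match a login we started")
        self.pending.discard(q["state"])
        return None if "error" in q else self.provider.token("service-app", q["code"])
```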
As much as one might complain about consolidation (or ransacking) of your data by Big Corpo, there are compelling arguments for OAuth services. As a user it's nice to reuse a common account (i.e. your Gmail or Hotmail address) across multiple services, instead of what would technically be a separate account (but using the same email address) for each. For example, if you change your Gmail password, your password for all the services that use your Gmail account via OAuth is automatically updated.
As a Service developer OAuth is handy because a) it's a convenience to your users and b) it means you don't have to implement annoying account/profile management features like facilities to reset your password, or change your email... or more likely the case these days, two factor authentication (what a pain!) – the OAuth provider handles all of this. All you have to do is integrate support for the OAuth provider.
And of course the #OAuth provider loves it (and $implements all of the account/profile management junk and 2FA) because they get to know even more about you; for example, you're now visiting Service – and how often – and they get to watch as Service accesses or changes your data. MMmmm. Yummy user profiling data lake synergies.
A problem arises however, when a user no longer wants to associate their account on Service with their OAuth provider. I have yet to see any Service that provides an “Unlink my Google/Microsoft/OAuth account from THIS account” feature.
Zoomed when I shoulda Zagged
My company (SmolCo) was recently acquired by a big conglomerate parent (Innitech). We had company #Zoom accounts. My Zoom account was tree@smolco.com and I could log in with a password that I had direct control over. Our corporate email accounts were hosted Gmail accounts, so tree@smolco.com was also a Google account, but I had only used it as an email address for my Zoom account.
At some point however, I must have clicked – by accident, or I was in a hurry – on that “Log In With Google” button and logged in – inexorably linking my tree@smolco.com Google account via OAuth with that Zoom account.
So flash forward to our acquisition. My tree@smolco.com address has now changed to tree@innitech.com – this change happened automatically by our IT department, but it wasn't a migration within Google, we swapped hosting from Google to Microsoft – that innitech.com email is now an Office365 account (joy).
So log into Zoom now. IT switched our email accounts and IT controls our Zoom accounts, so surely the zoom account would also – no.
Ok, log in using the old Google account. That works. Ok – the problem is the email address which we must change. Zoom –> Profile –> Change email address. Changed email address to tree@innitech.com.
Can't log in. It turns out that because the Zoom account is now linked to an OAuth account that has now been deactivated there's no way to log in – the OAuth redirect goes to a stale Google account and you can't log into the Zoom account to do anything about it – there isn't anything there TO do anything about it.
So now my IT guy has to delete my Zoom account entirely and recreate it. Which, good thing I didn't have any meeting recordings or anything I wanted to save... :(
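What the missing “Unlink” feature needs on the Service side, as an added sketch (not Zoom's or any real service's code): linked provider identities are extra sign-in methods on the account, and unlinking is refused only when it would remove the last one. The class and function names and the subject ids are hypothetical.

```python
from dataclasses import dataclass, field
from typing import Optional

class LockoutError(Exception):
    """Raised when a change would leave the account with no way to sign in."""

@dataclass
class Account:
    email: str
    password_hash: Optional[str] = None            # None: no local password set
    identities: set = field(default_factory=set)   # {(provider, subject_id)}

    def login_methods(self) -> int:
        return len(self.identities) + (1 if self.password_hash else 0)

    def link(self, provider: str, subject_id: str) -> None:
        # Linking adds a sign-in option; it never replaces the existing ones.
        self.identities.add((provider, subject_id))

    def unlink(self, provider: str, subject_id: str) -> None:
        if (provider, subject_id) not in self.identities:
            raise KeyError("identity is not linked to this account")
        if self.login_methods() == 1:
            raise LockoutError("refusing to remove the last sign-in method")
        self.identities.remove((provider, subject_id))

def migrate(account: Account, old, new, new_email: str) -> Account:
    """Move an account from one provider identity to another without a gap."""
    account.link(*new)       # add the new identity first
    account.unlink(*old)     # then drop the old one; another method still exists
    account.email = new_email
    return account

def demo() -> Account:
    # Constructed data mirroring the post: password account with a Google link.
    acct = Account("tree@smolco.com", password_hash="<hash placeholder>",
                   identities={("google", "g-123")})
    return migrate(acct, ("google", "g-123"), ("microsoft", "m-456"),
                   "tree@innitech.com")
```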
Well that was fast
Oh and another thing – Dear Software Service companies that have ticketed customer support: Stop grading your support techs on how fucking fast they close the tickets
On Thursday, I submitted this ticket:
2025-02-12 07:20:48 PST - Tree
hi - My company has been acquired and our hosted google accounts, while still available, are discontinued from use. Would like to unlink my google account tree@smolco.com from my zoom account and use only tree@innitech.com email for account login.
Clear, no?
2025-02-13 09:27:49 PST - <Zoom Tech> comments
Hello,
Thank you for contacting Zoom Billing! We’d be more than happy to help you change the email associated with your account.
Please click the link below for instructions on how to change the email on your account:
https://support.zoom.us/hc/en-us/articles/201362563-Changing-the-email-associated-with-your-account
While most mail servers receive Zoom’s email within a few minutes, some may take longer. If you didn’t receive a verification email, confirm that no-reply@zoom.us is allowed in your inbox and check your spam folder if you still can’t find the email.
Please let me know if you have any other questions.
Thank you,
<Tech>
2025-02-12 16:53:25 PST - <Tech> comments
Case Closed. Transferred to: <case ID>s
Ok, so never mind the fact that it was closed Thursday afternoon before actually being “resolved” Friday morning; the article that Tech sent wasn't very helpful, because under the section titled “How to change the sign-in email if you don't have access to the original email” it says:
If you no longer have access to your original email address to verify the change, learn what options are available to you based on your account type.
If you're on a Basic (free) account, you will need to create a new Zoom account.
If you're on a paid account, complete the following steps:
- Access the support request form.
- Next to Unable to access your account?, click Troubleshoot login issues. The chatbot will open and provide you with a list of options to assist you with changing your login email if you don't have access to the original email address.
Now, how tf does one think I wound up at the place where I submitted the request above?
Hi, I'm Zoe 🤖 Zoom's Virtual Agent.
Zoom may retain your chat transcript to use for quality, training, and analysis purposes.
How can I help you today?
-----------
You 12:05 PM
Change Login Email
-----------
ZVA BOT 12:05 PM
Let’s change the email associated with your account.
Note: To change your email, you need a unique email address that is not associated with another Zoom user or account.
Do you still have access to your original email?
-----------
You 12:06 PM
No
-----------
ZVA BOT 12:06 PM
If you can no longer access your original email address to verify the change, you can sign up for a new account or chat with a Billing agent.
.. and then gives you the option to chat with Billing Agent. So I just emailed support later.
Changelog
2025-07-28 – initial