If you always use the same devices, it would not be very useful, yes.

This would be a first step. Creating a user from a Google account would be a possibility for the future, with most of the harder parts already done. That said, if this is all that ever got done, would you object, or do you just have concerns?

I'm wary of having to keep up with a third party and their changes to the account provisioning. If we allow creating users from Google accounts, the shadow accounts we create locally can always be switched back to "use password" once Google login breaks, but I'm not sure if/how Google users can then be reached.

If we can get the Google user email, they can always recover their password once authentication through Google breaks.

So, I don't think anymore that this will create a long-standing maintenance burden, as long as we all are OK with login through Google eventually breaking.

I now realize that a Google login should be restricted to its own special page. I don't want to have a cookie warning on every page, just because we add some Google Javascript to every page that they use for setting random cookies in the users browsers.

Google broke compatibility once, when they switched from openid to openidconnect. I suspect it will be a very long time before it happens again. Unlike Facebook, where they broke it over and over until I gave up.


--
A math joke: r = | |csc(θ)|+|sec(θ)| |-| |csc(θ)|-|sec(θ)| |