Do I need UserIds in addition to Principals?

Probably a silly question, but what’s the benefit of having a separate UserId instead of have everything rely on just Principal?

For example, CanCan explicitly states that a principal may be authorized with multiple usernames (i.e. user IDs) and a single username may be shared among multiple principals.

When would that be useful? If a user’s Principal was per-session and thus constantly changing, then I would see the point. But for most authentication schemes like Internet Identity (or Torus, which I’m using), the Principal is stable. Same login credentials, same Principal.

If someone wanted to create a new account, they would create a new identity anchor on II, which would map to a new Principal. How would they even associate multiple user IDs with a single Principal?

Any thoughts? Thanks.


@diegop, do you happen to know anything about this?

(Sorry for the tag—but saw you were the author of the commit.)