How to Migrate Yahoo users from OpenId to OAuth

Published 2019-08-27 21:26

Question:

I'm using App Engine / Java.

I need to migrate my Yahoo users from OpenID 2.0 to OAuth 2.0 login (OpenID Connect), because OpenID 2.0 Relying Party support for logging in with OpenID 2.0 accounts into App Engine will be turned off.

For my Yahoo users, I have the following information in my datastore:

  • federated identity: https://me.yahoo.com/a/...
  • email address

When I implement Sign-in with Yahoo using OAuth, I need to use the information provided by the OAuth process to identify the existing user in my datastore. However, the Yahoo OAuth process does not provide an open-id (Yahoo does not support OpenId Connect) or an email address.

So how can I migrate my existing Yahoo users from OpenId to OAuth? What is the common information between both mechanisms to make the link and perform the migration?

Remark: This works fine for Sign-in with Google, because Google supports OpenId Connect. In this case OpenId Connect / open-id == OpenId / federated identity, which makes it possible to migrate users.

Answer 1:

One possible approach is to switch to Google Identity Toolkit, which offers:

  • federated login handling specifics for a particular provider pretty much transparently for you
  • a way of gradually migrating users authenticated by a particular provider from your existing method to the GIT one, see the "Migrate an existing site in 5 steps" section.

The only drawback I see is the limited number of providers GIT supports (sweetened a bit by support for password-based authentication). Not an issue if the providers you're interested in, like Yahoo, are in the supported list.