We are about to begin developing a new client imaging web site, and want to be able to let the customer sign up using their Facebook or G+ account.
But we don't have a clue how it's done, or where to start.
Is there some golden rule of how it's done, as they are giving us those details.
I guess it has to be on a SSL, but that's as far as I know.
How do "Facebook" and "Google+" logins work on a web site?
simonmlewis
- DevNet Master
- Posts: 4435
- Joined: Wed Oct 08, 2008 3:39 pm
- Location: United Kingdom
Love PHP. Love CSS. Love learning new tricks too.
All the best from the United Kingdom.
Re: How do "Facebook" and "Google+" logins work on a web sit
There's no "golden rule", if I'm understanding you correctly.
The login method varies by provider but at its core you send the user to a special URL on the provider's site, they log in there, possibly approve of some permissions for your site to use their account, then return to your site. When they return you get information about the account - typically just some identifier you would use to query their API to get the actual information. As for your site, you'll need to be able to create a sort of user account for them when they come back, because you will need actual records on your site corresponding to the user.
Google+ Signin (don't worry, it's not just for Google+)
Facebook
When we were planning to implement "social login" (I don't know if that's an official term or anything) at my work we were going to do this:
- Core user information is basically just an email address - everything else is optional
- User accounts can have different authenticators: a normal account has a password authenticator, a Google+ account used a Google+ authenticator, a Facebook account used a Facebook authenticator
- Normal users could use our regular password login while other users could establish a password login if they wanted
- Social login users could try to use the regular login with their email address, but without a password authenticator they'd never be able to get in
- Someone who logs in from Google+ would be logically different from someone from Facebook, even if the email addresses were the same; there would be an "add a $provider login" option somewhere that would also handle consolidating multiple accounts
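The account model from the list above, sketched as an added example (not code from the thread or from either provider): one row per user and one row per way of logging in, with social logins keyed on the provider's account id rather than on the email address. Table, column and function names are hypothetical, and the code assumes the redirect to the provider has already completed and returned a verified account id.

```python
import hashlib, hmac, os, sqlite3

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT NOT NULL);
        CREATE TABLE authenticators (
            user_id INTEGER NOT NULL REFERENCES users(id),
            kind    TEXT NOT NULL,  -- 'password', 'google', 'facebook'
            subject TEXT,           -- provider's account id; NULL for 'password'
            secret  BLOB,           -- salt + password hash; NULL for social logins
            UNIQUE (user_id, kind), UNIQUE (kind, subject));""")
    return db

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def social_login(db, provider, subject, email):
    """Run after the provider has sent the user back with a verified account id."""
    row = db.execute("SELECT user_id FROM authenticators WHERE kind=? AND subject=?",
                     (provider, subject)).fetchone()
    if row:
        return row[0]
    # First visit: always a new local account, even if the email is already known.
    user_id = db.execute("INSERT INTO users (email) VALUES (?)", (email,)).lastrowid
    db.execute("INSERT INTO authenticators VALUES (?,?,?,NULL)", (user_id, provider, subject))
    return user_id

def set_password(db, user_id, password):
    salt = os.urandom(16)
    db.execute("INSERT OR REPLACE INTO authenticators VALUES (?,'password',NULL,?)",
               (user_id, salt + _hash(password, salt)))

def password_login(db, email, password):
    rows = db.execute("SELECT a.user_id, a.secret FROM authenticators a JOIN users u "
                      "ON u.id = a.user_id WHERE a.kind='password' AND u.email=?", (email,))
    for user_id, secret in rows:
        if hmac.compare_digest(_hash(password, secret[:16]), secret[16:]):
            return user_id
    return None  # no password authenticator on the account, or wrong password

def add_provider_login(db, current_user_id, provider, subject):
    """'Add a $provider login': only for a signed-in user who just completed that login."""
    moved = db.execute("UPDATE authenticators SET user_id=? WHERE kind=? AND subject=?",
                       (current_user_id, provider, subject)).rowcount
    if not moved:
        db.execute("INSERT INTO authenticators VALUES (?,?,?,NULL)",
                   (current_user_id, provider, subject))
```

Nothing here stores a Facebook or Google password; the site only ever holds the provider's identifier for the account, plus its own password hash if the user chooses to set one.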
simonmlewis
Re: How do "Facebook" and "Google+" logins work on a web sit
What are meant to be the key benefits of doing this anyway?
Is it worth it, and is it more problematic than just having them create a specific login for your web site.... meaning they won't have to "share" their Facebook info with others.
Be good to know your thoughts, as it's clearly a hefty job to integrate.
Re: How do "Facebook" and "Google+" logins work on a web sit
The chief benefit of single sign-on is that users don't need to remember different username/password combinations for every site they visit. It's really just a convenience for your users. They're not really sharing their Facebook info, they're just authorizing your app, and they can easily turn around and revoke that privilege.
simonmlewis
Re: How do "Facebook" and "Google+" logins work on a web sit
So it's a way of logging in, via Facebook, to our web site?
So what do we store...? Just their email and password, just a userid and Email?