How do "Facebook" and "Google+" logins work on a web site?

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
simonmlewis
DevNet Master
Posts: 4435
Joined: Wed Oct 08, 2008 3:39 pm
Location: United Kingdom
Contact:

How do "Facebook" and "Google+" logins work on a web site?

Post by simonmlewis »

We are about to begin developing a new client imaging web site, and want to be able to let the customer sign up using their Facebook or G+ account.

But we don't have a clue how it's done, or where to start.

Is there some golden rule of how it's done, as they are giving us those details.
I guess it has to be on a SSL, but that's as far as I know.
Love PHP. Love CSS. Love learning new tricks too.
All the best from the United Kingdom.
User avatar
requinix
Spammer :|
Posts: 6617
Joined: Wed Oct 15, 2008 2:35 am
Location: WA, USA

Re: How do "Facebook" and "Google+" logins work on a web sit

Post by requinix »

There's no "golden rule", if I'm understanding you correctly.

The login method varies by provider but at its core you send the user to a special URL on the provider's site, they log in there, possibly approve of some permissions for your site to use their account, then return to your site. When they return you get information about the account - typically just some identifier you would use to query their API to get the actual information. As for your site, you'll need to be able to create a sort of user account for them when they come back. Because you will need actual records on your site corresponding to the user.

Google+ Signin (don't worry, it's not just for Google+)
Facebook

When we were planning to implement "social login" (I don't know if that's an official term or anything) at my work we were going to do this:
- Core user information is basically just an email address - everything else is optional
- User accounts can have different authenticators: a normal account has a password authenticator, a Google+ account used a Google+ authenticator, a Facebook account used a Facebook authenticator
- Normal users could use our regular password login while other users could establish a password login if they wanted
- Social login users could try to use the regular login with their email address, but without a password authenticator they'd never be able to get in
- Someone who logs in from Google+ would be logically different from someone from Facebook, even if the email addresses were the same; there would be a "add a $provider login" option somewhere that would also handle consolidating multiple accounts
simonmlewis
DevNet Master
Posts: 4435
Joined: Wed Oct 08, 2008 3:39 pm
Location: United Kingdom
Contact:

Re: How do "Facebook" and "Google+" logins work on a web sit

Post by simonmlewis »

What are meant to be the key benefits of doing this anyway?
Is it worth it, and is it more problematic than just having their create a specific login for your web site.... meaning they won't have to "share" their Facebook info with others.

Be good to know your thoughts, as it's clearly a hefty job to integrate.
Love PHP. Love CSS. Love learning new tricks too.
All the best from the United Kingdom.
User avatar
Celauran
Moderator
Posts: 6427
Joined: Tue Nov 09, 2010 2:39 pm
Location: Montreal, Canada

Re: How do "Facebook" and "Google+" logins work on a web sit

Post by Celauran »

The chief benefit of single sign-on is that users don't need to remember different username/password combinations for every site they visit. It's really just a convenience for your users. They're not really sharing their Facebook info, they're just authorizing your app, and they can easily turn around and revoke that privilege.
simonmlewis
DevNet Master
Posts: 4435
Joined: Wed Oct 08, 2008 3:39 pm
Location: United Kingdom
Contact:

Re: How do "Facebook" and "Google+" logins work on a web sit

Post by simonmlewis »

So it's a way of logging in, via Facebook, to our web site?
So what do we store...? Just their email and password, just a userid and Email?
Love PHP. Love CSS. Love learning new tricks too.
All the best from the United Kingdom.
Post Reply