Page 1 of 1

How do "Facebook" and "Google+" logins work on a web site?

Posted: Wed May 20, 2015 3:49 am
by simonmlewis
We are about to begin developing a new client imaging web site, and want to be able to let the customer sign up using their Facebook or G+ account.

But we don't have a clue how it's done, or where to start.

Is there some golden rule of how it's done, as they are giving us those details.
I guess it has to be on a SSL, but that's as far as I know.

Re: How do "Facebook" and "Google+" logins work on a web sit

Posted: Wed May 20, 2015 4:19 am
by requinix
There's no "golden rule", if I'm understanding you correctly.

The login method varies by provider but at its core you send the user to a special URL on the provider's site, they log in there, possibly approve of some permissions for your site to use their account, then return to your site. When they return you get information about the account - typically just some identifier you would use to query their API to get the actual information. As for your site, you'll need to be able to create a sort of user account for them when they come back. Because you will need actual records on your site corresponding to the user.

Google+ Signin (don't worry, it's not just for Google+)
Facebook

When we were planning to implement "social login" (I don't know if that's an official term or anything) at my work we were going to do this:
- Core user information is basically just an email address - everything else is optional
- User accounts can have different authenticators: a normal account has a password authenticator, a Google+ account used a Google+ authenticator, a Facebook account used a Facebook authenticator
- Normal users could use our regular password login while other users could establish a password login if they wanted
- Social login users could try to use the regular login with their email address, but without a password authenticator they'd never be able to get in
- Someone who logs in from Google+ would be logically different from someone from Facebook, even if the email addresses were the same; there would be a "add a $provider login" option somewhere that would also handle consolidating multiple accounts

Re: How do "Facebook" and "Google+" logins work on a web sit

Posted: Wed May 20, 2015 8:59 am
by simonmlewis
What are meant to be the key benefits of doing this anyway?
Is it worth it, and is it more problematic than just having their create a specific login for your web site.... meaning they won't have to "share" their Facebook info with others.

Be good to know your thoughts, as it's clearly a hefty job to integrate.

Re: How do "Facebook" and "Google+" logins work on a web sit

Posted: Wed May 20, 2015 9:45 am
by Celauran
The chief benefit of single sign-on is that users don't need to remember different username/password combinations for every site they visit. It's really just a convenience for your users. They're not really sharing their Facebook info, they're just authorizing your app, and they can easily turn around and revoke that privilege.

Re: How do "Facebook" and "Google+" logins work on a web sit

Posted: Wed May 20, 2015 9:51 am
by simonmlewis
So it's a way of logging in, via Facebook, to our web site?
So what do we store...? Just their email and password, just a userid and Email?