Creating a Generic Social Media Login Component
We’re creating a generic plugin component to handle user registration and logins through the social media profile of their choice. Our prototype will provide logins through the most popular social media channels: Facebook, Linkedin, Twitter, Instagram and Google+, with the aim for it to eventually be open to any social media profile a user may have. We also want to push the boundaries by implementing a two-step user authentication, which increases security even if someone stole your password. There are also loads of exciting and intriguing new authentication methods that we will be exploring, including fingerprints, facial and even heartbeat recognition!
Why Social Media Login?
The first question may be “Why social media login?” We now live in a digital age where users want things to be simple, fast and easy. The last thing people need is to remember another username and password. Social media login improves user experience by providing all of the above and replacing repetitive and time consuming registration and login processes by authenticating users and populating profiles based on personal information they have already decided to share and make available.
- Ability for a user to register even without an email address (with the ability to turn on or off through config)
- Facebook, Twitter, Instagram and Google+ integration with access to open graph information
- Verify account information as part of registration (with the ability to turn on or off through config)
- Change and forgotten password
- Desktop, mobile web and mobile app interfaces
It is tricky
Social media logins use a standard called OAuth, which means it is a set of rules which companies like Google and Facebook should adhere to when building their OAuth systems. So naturally these rules are not perfect. For example Google and Facebook implement the OAuth standard slightly differently. So why does this matter? This means that it’s difficult to write one piece of code that will work for all the different OAuth implementation. This is what we are trying to do. In a perfect world we would like to be able to add a new implementation of OAuth without changing any code at all. So we will just have to overcome this issue using our wit and presence of mind, we will let you know how it goes.