Vadim Costache/Chih-Song Kuo
Summary: The basic idea of both Facebook and Google account authentication is to outsource account management to a third-party server. That server handles user account creation, forgotten-password retrieval, and user information storage. Once the user is authenticated by the third party, an identifier that is not identical to the user's Facebook/Google account is returned to our website. That identifier can then be used to identify the user's own data in our own database.
We found that Facebook/Google account authentication saves a reasonable amount of the effort needed to build safe, secure user management, which usually requires much knowledge and time to implement. However, this doesn't mean a developer can implement the code needed for third-party authentication in a short time, because there is a reasonable amount of documentation to read and mechanisms to understand.
In our view, implementing Facebook/Google account authentication would take about the same time as a “simple (insecure)” self-built account management system. If we need higher robustness, then we think it is worth using third-party account authentication.
There is also the alternative of directly using OpenID on the website.
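The following added example, which is not part of the original page, shows one way to use the identifier returned by the third party as the key to the user's data in our own database. The table names, function names and sample identifiers are assumptions constructed for illustration, and the identifier is assumed to have already been verified with the provider.

```python
import sqlite3

# Hypothetical schema: local users plus the third-party identifiers linked to them.
SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY, display_name TEXT);
CREATE TABLE external_identities (
    provider TEXT NOT NULL,   -- e.g. 'facebook' or 'google'
    subject  TEXT NOT NULL,   -- identifier returned by that provider
    user_id  INTEGER NOT NULL REFERENCES users(id),
    PRIMARY KEY (provider, subject)
);
"""

def open_db(path=":memory:"):
    db = sqlite3.connect(path)
    db.executescript(SCHEMA)
    return db

def local_user_for(db, provider, subject, display_name=None):
    """Map an already-verified (provider, subject) pair to a local user id.

    The pair, not the subject alone, is the key: two providers may hand out
    the same identifier string for different people.
    """
    if not provider or not subject:
        raise ValueError("provider and subject are both required")
    row = db.execute(
        "SELECT user_id FROM external_identities WHERE provider = ? AND subject = ?",
        (provider, subject),
    ).fetchone()
    if row:
        return row[0]                      # returning user
    with db:                               # first login: create both rows atomically
        user_id = db.execute(
            "INSERT INTO users (display_name) VALUES (?)", (display_name,)
        ).lastrowid
        db.execute(
            "INSERT INTO external_identities VALUES (?, ?, ?)",
            (provider, subject, user_id),
        )
    return user_id

if __name__ == "__main__":
    db = open_db()
    # Constructed sample identifiers, not real account ids.
    for provider, subject in [("facebook", "1000001"), ("facebook", "1000001"),
                              ("google", "1000001")]:
        print(provider, subject, "->", local_user_for(db, provider, subject))
```

No password or account-recovery data is stored locally; the only link between the local user row and the third-party account is the (provider, subject) pair.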
!!! IF YOU DO NOT HAVE A FACEBOOK ACCOUNT, YOU CANNOT LOG IN !!!
To do this, you can use a JSON string in the fields attribute instead of the CSV
- If the user arrives at your site logged out of Facebook,
S6T02 Diagram for a site that uses Facebook and its own Registration
- JSON - easy to implement - manages social interaction (if you block a user on Facebook, he won't be able to access your data on the website): Facebook Login
- uses popups (for websites, not for mobile apps) - you can only log in if you have a FB account
Main Ref: Google Account Authentication
Based on the OpenID 2.0 protocol (OpenID Official Page). You may also choose to use OAuth as a complement to OpenID if needed.
Pros: Quite flexible. Supports log-in through the same browser window or a pop-up one.
Cons: Takes time to understand the whole procedure and how OpenID works.
A Simple lightweight Google+ API for Client Side:
Features - user logs in to an OpenID provider. That OpenID is used to auth with any website.
OAuth provides some extension to OpenID
some random JS login code
articles on how to integrate openid as the login system