SDA SE Wiki

Software Engineering for Smart Data Analytics & Smart Data Analytics for Software Engineering

Differences

This shows you the differences between two versions of the page.

teaching:labs:xp:2012b:facebookgooglelogin [2012/08/28 10:54]
volkan.guenal
teaching:labs:xp:2012b:facebookgooglelogin [2018/05/09 01:59] (current)
Line 1: Line 1:
 +==== S6T1 Investigation on Facebook/​Google authentication ====
 +Vadim Costache/​Chih-Song Kuo
 +
 +Summary:
 +The basic idea of both Facebook/​Google account authentication is to outsource the account management part to some third-party server. That server will handle user account creation, password-forgotten retrieval, and user information storage. Once the user is authenticated by a third-party,​ an identifier which is not identical to one's Facebook/​Google account will be returned to our website. That identifier can then be used to specify the user's own data in our own database.
 +
 +We found Facebook/​Google account authentication saves reasonable effort to build safe, secure user management, which usually requires much knowledge and time to implement. However, this doesn'​t mean a developer can implement the needed code for third-party authentication in a short time because there are reasonable documents to read and mechanisms to understand.
 +
 +In our point of view, implementing Facebook/​Google account authentication would take about the same time as a "​simple (unsecure)"​ self-built account management system. If we need higher robustness, then we think it is worth to use third-party account authentication.
 +
 +There is also the alternative of directly using OpenID on the website.
 +
 +
 +=== Facebook Account Authentication ===
 +[[http://​developers.facebook.com/​docs/​plugins/​registration/​|Facebook Registration]]
 +[[http://​developers.facebook.com/​docs/​user_registration/​flows/​|How Facebook registration works]]
 +Facebook uses [[http://​oauth.net/​2/​|OAuth]]
 +
 +Features
 +----------
 +
 +-----------------------------------------------------------------
 +|!!! IF YOU DO NOT HAVE A FACEBOOK ACCOUNT, YOU CANNOT LOGIN !!!|
 +-----------------------------------------------------------------
 +
 +- You can sign in even if you don't have a FB account
 +- There is also an XFBML tag for use with the Javascript SDK.
 +- You may also request data from users that isn't present on Facebook. ​
 + To do this, you can use a JSON string in the fields attribute ​
 + instead of the CSV
 +- If the user arrives at your site logged out of Facebook, ​
 + the button will say Login. When the user clicks it, she will 
 + be prompted to enter her Facebook username and password. ​
 + If she has not registered for your site, she will be redirected
 + to the URL you specify in the registration-url parameter. ​
 + If she has already registered for your site, the button will 
 + fire an onlogin() Javascript event. When this event is fired you
 + should login the user to your site.
 +- uses OAuth 2.0
 +- JavaScript on the Client Side
 +- PHP on the Server Side
 +
 +related stuff
 +-------------------
 +[[https://​github.com/​tenorviol/​node-facebook-sdk|Node Facebook SDK]]
 +
 +**S6T02** Diagram for a site that uses Facebook and its own Registration
 +
 +[[https://​developers.facebook.com/​attachment/​flow2.png]]
 +
 +
 +PROS
 +---------
 +- JSON
 +- easy to implement
 +- manages social interaction (if you block a user on facebook, he won't be able to access your data on the website): ​
 +[[http://​www.facebook.com/​help/?​faq=223184117694507#​How-does-privacy-work-with-sites-using-Facebook-Login?​|Facebook Login]]
 +
 +CONS
 +---------
 +- uses popups ( for websites, not for mobile apps )
 +- you can only login if you have a FB account
 +
 +
 +=== Google Account Authentication ===
 +Main Ref:
 +[[https://​developers.google.com/​accounts/​docs/​OpenID|Google Account Authentication]]
 +
 +Based on the OpenID 2.0 protocol
 +[[http://​openid.net/​specs/​openid-authentication-2_0.html|OpenID Official Page]]
 +May also choose use OAuth as a complementary dual to OpenID if needed
 +{{:​teaching:​labs:​xp:​2012b:​openiddiagram.png|}}
 +
 +Taken from https://​developers.google.com/​accounts/​docs/​OpenID
 +
 +Pros:
 +Quite flexible. Supports log-in through the same browser window or a pop-up one.
 +
 +Cons:
 +Takes time to understand to whole procedure and how OpenID works.
 +
 +
 +
 +=== Useful Links ===
 +
 +==**S6T2** - Google+ Sign In== 
 +A Simple lightweight Google+ API for Client Side: 
 +
 +[[https://​github.com/​AdminSpot/​Google-Plus-javascript-API]]
 +
 +=== Info on OpenId ===
 + ​[[http://​ox.no/​software/​node-openid|OpenID for Node.js]]
 +
 + ​[[http://​en.wikipedia.org/​wiki/​OpenID|OpenID]]
 +
 +[[http://​openid.net/​add-openid/​|Add OpenID]]
 +[[http://​openid.net/​add-openid/​add-getting-started/​|OpenID - Getting Started]]
 +[[http://​openid.net/​developers/​libraries/​|OpenID Libraries]]
 +
 +
 +Features
 +- user logs in to an OpenID provider. That OpenID is used to auth with any website.
 +
 +PROS
 +---------
 +- universal
 +
 +CONS
 +---------
 +- complicated
 +
 +
 +=== OAuth ===
 +
 +OAuth provides some extension to OpenID
 +
 + ​[[http://​en.wikipedia.org/​wiki/​OAuth|OAuth]]
 +
 +=== MISC Stuff (things we found on the way) ===
 +
 +some OAuth Javascript code
 +---------------------------
 +[[http://​oauth.googlecode.com/​svn/​code/​javascript/​|Javascript OAuth]]
 +
 +some random JS login code
 +---------------------------
 +[[http://​www.codingforums.com/​showthread.php?​t=10114|JavaScript Login Code]]
 +
 +an article on how to secure oauth in javascript
 +-----------------------------------------------
 +[[http://​derek.io/​blog/​2010/​how-to-secure-oauth-in-javascript/​|OAuth Javascript]]
 +
 +articles on how to integrate openid as the login system
 +----------------------------------------------------------
 +[[http://​remysharp.com/​2007/​12/​21/​how-to-integrate-openid-as-your-login-system/​|Integrate OpenID]]
 +[[http://​www.slideshare.net/​kuchmuch/​implementing-openid| alt - integrate openid]]
 +
 +
 +
 +
 +
 +
 +
 +
 +--- our comm ---
 +http://​stackoverflow.com/​questions/​3498005/​user-authentication-libraries-for-node-js
  
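Review bot: The Summary paragraph and the Facebook "Features" bullets never say where the returned identifier is verified. The Summary says the identifier "can then be used to specify the user's own data in our own database", and the bullet about the onlogin() JavaScript event says "you should login the user to your site" when it fires, with "JavaScript on the Client Side" listed next to "PHP on the Server Side". Please add a sentence stating that the server side validates the provider's response itself before creating a session or looking up user data, and that an identifier or event reported by the browser is not trusted on its own. Two smaller points in the same hunk: the Facebook section contradicts itself ("IF YOU DO NOT HAVE A FACEBOOK ACCOUNT, YOU CANNOT LOGIN" and the CONS entry versus the bullet "You can sign in even if you don't have a FB account"), so one of them should be removed or qualified; and "OAuth provides some extension to OpenID" under the OAuth heading reads as if OAuth were built on OpenID, whereas the Google section's wording (OAuth as complementary to OpenID) is the clearer one to keep.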
teaching/labs/xp/2012b/facebookgooglelogin.txt · Last modified: 2018/05/09 01:59 (external edit)

SEWiki, © 2019