social login

Building Secure and Social

Applications

Michele Leroux Bustamantemichelebusta@solliance.net

Why Social Login?

Fewer passwords to remember

Single Sign-On (SSO)

Gather information

Read your thoughts

Perform actions based on your thoughts

Share

Access to millions of new users

As of October 29, 2013

• Facebook 1.2 B• Google+ 540 M• TW 500 M• LinkedIn 300 M• Yahoo 300 M

http://www.nydailynews.com/news/national/google-540m-monthly-users-lags-behind-facebook-article-1.1500403

Session Agenda

• Social registration• Social Login and SSO• Gather profile information• Linking accounts• Social sharing

DEMO

Twitter Setup

• No app required• Redirect and login• User asked to authorize during login• Authorization code returned• Application uses code to request an

access token• Application uses access token to

interact with provider API

Facebook Setup

• Create an app at the provider• Get the application “keys”• Redirect and login• Users asked to authorize during login• Authorization code returned• Application uses code to request info

Protocol Flow

• What really happened?• Redirect to provider

– User authenticates– Authorization code returned

• Call to provider with code– Request additional user information– Must be authorized information

DEMO

Social Sharing

• Share directly from JavaScript– Generate sample buttons at provider

site– Customize as desired

• Share through API– Requires access token to operate on

behalf of the user

DEMO

Gathering Information

• Use the access token to request information from the provider

• Unique identifier per user• Additional details can vary

DEMO

Development Platforms

Connecting Accounts

• Goal to have a single profile• Login with one or more provider,

same user profile• Share with one or more provider,

irrespective of login

DEMO

Design Decisions

• Which providers will you support?• What profile information do you

need?• What sharing options / methods?• How do you want to handle

providers?

What if it could be easier?

One Example

What if it could be easier?

References

• Conference resources to be referenced here: – http://michelebusta.com

• See my snapboards:– Currently at the alpha site:

http://snapboardalpha.cloudapp.net/michelebusta

– Will move these to snapboard.com/michelebusta when we go live on the main site (SOON watch my blog for announcement)

• Contact me:– michelebusta@solliance.net– @michelebusta

Michele Leroux BustamanteManaging Partner

Solliance (solliance.net) CEO and Cofounder

Snapboard (snapboard.com)

Microsoft Regional Director Microsoft MVP

Author, SpeakerPluralsight courses on the way!Blog: michelebusta.commichelebusta@solliance.net@michelebusta