Social Login & 3rd-Party App Authorization

Typical social login options displayed when creating a new account or logging into an existing one.

What is Social Login?

Social login is a form of single sign-on that uses existing information from a social networking service such as Facebook, Twitter or Google+ to sign into a third-party website, instead of creating a new login account specifically for that website. It is designed to simplify logins for end users as well as provide more, and more reliable, demographic information.

Open Authorization

Huge tech companies use a standard called OAuth, which is a protocol that allows third-party websites to access and retrieve select pieces of their users’ information in order to authenticate users. In other words, OAuth is a service that allows web giants like Google or Microsoft to permit their users to share their own select pieces of information with third-party websites or apps. Most of the time when electing to use social login, the third-party website or app lets us know what information they are requesting access to.

So How Does OAuth Work?

Suppose you are a user and need to sign up/create an account on a third-party website or application:

  1. First, you click on the “Sign up with Facebook” button.
  2. It redirects you to Facebook.com and checks whether you are already logged in to Facebook. If you’re not, then it prompts you to enter your username and password to access your account. Once logged in, it shows you a small dialog box that describes the kind and extent of information that you’ll be sharing with the third-party website.
  3. After pressing the ‘Continue’ button, Facebook redirects you to the third-party website with an authentication code, which is basically Facebook’s way of telling the website that you hold a valid account with them.
  4. The website now shows Facebook the unique code it acquired when it first registered itself with Facebook as a legitimate website/application. Facebook uses that code to verify the identity of the website, and in return, grants an access token to the website. It is this token that the website uses to gain restricted/limited access to some of your account information, usually consisting of your name, email address, gender, etc.
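Steps 2 to 4 above, as an added example that is not code from the original article or from Facebook: a toy in-memory provider that issues the one-time code, checks the website's registered secret, and returns a token limited to the fields the user agreed to share. The class, method, client and user names are hypothetical, and the profile is constructed sample data.

```python
import hmac
import secrets

class Provider:
    """Toy stand-in for the social network in steps 2-4 (hypothetical names)."""
    def __init__(self):
        self.clients = {}   # client_id -> secret handed out at registration
        self.codes = {}     # one-time code -> (client_id, user, scopes)
        self.tokens = {}    # access token -> (user, scopes)
        self.profiles = {"alice": {"name": "Alice", "email": "alice@example.test",
                                   "friends": ["bob"]}}  # constructed sample data

    def register_client(self, client_id):
        self.clients[client_id] = secrets.token_urlsafe(32)
        return self.clients[client_id]

    def authorize(self, client_id, user, scopes):
        # Steps 2-3: the logged-in user consents; a one-time code rides the redirect.
        if client_id not in self.clients:
            raise PermissionError("unknown client")
        code = secrets.token_urlsafe(16)
        self.codes[code] = (client_id, user, frozenset(scopes))
        return code

    def exchange(self, client_id, client_secret, code):
        # Step 4: the website proves its identity, then swaps the code for a token.
        expected = self.clients.get(client_id)
        if expected is None or not hmac.compare_digest(expected.encode(), client_secret.encode()):
            raise PermissionError("bad client credentials")
        bound_client, user, scopes = self.codes.pop(code, (None, None, None))  # single use
        if bound_client != client_id:
            raise PermissionError("invalid or already-used code")
        token = secrets.token_urlsafe(32)
        self.tokens[token] = (user, scopes)
        return token

    def userinfo(self, token):
        # The token only unlocks the fields the user agreed to share.
        if token not in self.tokens:
            raise PermissionError("invalid token")
        user, scopes = self.tokens[token]
        return {k: v for k, v in self.profiles[user].items() if k in scopes}
```

The code on its own is useless without the registered secret, and it cannot be replayed once exchanged, which is why it can safely travel through the browser redirect in step 3.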

Data Collection & Cambridge Analytica

When it comes to the data that Facebook in particular has about each of its users and what it allows third-party apps to have access to, the social media giant has a strict Platform Policy that outlines what developers of third-party apps can and cannot do. With regard to data, third-party apps are required to “provide a publicly available and easily accessible privacy policy that explains what data you are collecting and how you will use that data.”

Targeted Advertising

The data held by social platforms and service providers like Google are incredibly valuable pieces of information for creating a virtual profile of our lives. Our online habits and preferences are all tracked and used against us whether we realize it or not. Google tracks your online habits through search queries, its Chrome browser and more, building demographic profiles it then sells to companies who want to buy advertising on Google products, from Gmail sidebar ads to sponsored search results.

To Conclude…

People use Facebook and Google log-in because it’s easier than creating a new account. The benefits of sailing smoothly past log-ins and account registrations often mean we’re happy to trade away some data privacy. However…

  • Be aware that if you choose to log in with a social account, your data will be shared between the social network and the third-party app. Stay updated on your social networks’ privacy policies, and use the social log-in accordingly at sites you feel comfortable sharing data with.
  • Don’t use your main account to log in to a site whose security you don’t trust.
  • Don’t link a social profile to sensitive info like your Social Security number or financial details. In these cases, a separate account and password is your safest bet.

Alan Golman

Inquisitively learning how to become a better programmer, one line of code at a time