OAuth login - does it really work for apps?

CVs Intellect
Technology @CVsIntellect
3 min read · Feb 14, 2015

Developers are often skeptical about how much OAuth login actually gets used. The effort spent on providing seamless integration with social networks for OAuth login might not give enough returns, or does it?

OAuth stats for CVsIntellect

Total User Login (Regular + OAuth): 13,895

Total OAuth Login: 7,433 (a whopping 53% of total sign-ins)

Social Network & Sign-in Count:

  1. Google: 3,079
  2. LinkedIn: 2,563
  3. Facebook: 1,746
  4. Yahoo: 39
  5. MSN: 6

Some advantages of OAuth logins:

  1. No Password - Users do not need to remember a password for the website. With the explosion of websites, there is simply no way users will be able to remember passwords for all of their accounts. With browsers providing a “save password” feature and software like 1Password, it's slightly better, but users still need to be on “their” machine to be able to use them.
  2. Data - You get the data that’s required for registration: email-id, name, gender etc. This reduces the need for users to fill in forms, which I am sure no one would mind! :-D
  3. Security - Since you are not holding passwords for these accounts, you do not have to worry about securing passwords for them. No data - No problem! :-)

Some good practices for implementing OAuth logins:

  1. Permissions - Request “just enough” permissions for your app. The number one reason users do not use OAuth is a request for “write” permissions on their account, while number two is a request for “very personal” information like chat messages etc.
  2. Re-direct vs Pop-up - In our experience, re-directing to the respective social network is better than opening a pop-up that reloads the page on sign-in. Though a pop-up increases “time on website”, it causes loss of context, some browsers block pop-ups altogether, and sometimes the pop-up gets lost when the user clicks outside it by mistake and then has to search for the pop-up window, resulting in frustration!
  3. Library vs Custom - Use a library to implement OAuth rather than implementing it yourself. Social networks often change their APIs, deprecating and stopping support for the old ones. Using a library usually means this is a simple upgrade. The chances of the library taking care of the change are much higher than of you keeping up with changing APIs. We use socialauth with a custom plugin for LinkedIn for CVsIntellect.

The problem with OAuth:

With multiple social networks offering OAuth, there is a fair chance people forget which one they used for sign-in the last time. Solution…

Common Log-in - Login through multiple accounts like Google, Facebook and LinkedIn should lead to the same account if it's the same user. Unfortunately, the only way to make sure the accounts belong to the same user is through the email-id, i.e. if a user logs in through different social networks that report the same email-id, the user gets access to the same account (the one belonging to that email-id). Twitter does not provide an email-id for OAuth logins, which makes it really difficult to add OAuth login for it.
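One way to implement the common log-in described above, as an added example that is not CVsIntellect's code: each sign-in is keyed on the provider's own user id, and accounts are merged by email only when the provider reports that address as verified. The `AccountStore` class, the `email_verified` flag passed in by the integration layer, and all sample values are assumptions made for the illustration.

```python
from dataclasses import dataclass, field
from itertools import count
from typing import Optional


@dataclass
class Account:
    id: int
    email: Optional[str]
    identities: set = field(default_factory=set)  # {(provider, subject)}


class AccountStore:
    """In-memory stand-in for the user table (constructed for this example)."""

    def __init__(self):
        self._ids = count(1)
        self.by_identity = {}  # (provider, subject) -> Account
        self.by_email = {}     # normalized email -> Account

    def _new_account(self, email):
        acct = Account(next(self._ids), email)
        if email:
            self.by_email[email] = acct
        return acct

    def resolve(self, provider, subject, email=None, email_verified=False):
        """Return the account for one completed OAuth sign-in."""
        key = (provider, subject)
        # 1. A returning identity always maps to the account it was linked to.
        if key in self.by_identity:
            return self.by_identity[key]
        # 2. Merge on email only when the provider vouches for the address.
        #    Lower-casing the whole address is a simplification.
        norm = email.strip().lower() if email and email_verified else None
        acct = self.by_email.get(norm) if norm else None
        # 3. No usable email (none returned, or unverified): separate account.
        if acct is None:
            acct = self._new_account(norm)
        acct.identities.add(key)
        self.by_identity[key] = acct
        return acct
```

A sign-in that arrives without a verified email still works, but it stays on its own account until the user links it from an already authenticated session.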

So, are you ready to add OAuth to your website? :-)
