Social Login

Heard of Login. But what is Social Login?

There were days when websites were just like books. You could access them, open them and read through them, but that’s about it. Nothing more. It’s still the same when you come back later. Unless of course something changes. But that’s so boring. And so, from being like books, websites turned to being like houses. You can see it from outside and, if you can get an entry pass, you can get inside the house and see what’s in the room they set aside for you. That’s how the system of logging in was conceived. People were using the Web more and more, so static websites had no choice but to become dynamic and ensure people kept returning. And then these websites just multiplied. Now you log into your email account, your bank account, your ecommerce account(s), your work accounts and so many others we can’t even think of right now. And because it’s your account, you’ve got to create a password for it and then even remember it. It’s like having rooms in twenty houses with keys to them. And keys do look strikingly similar.

What if you could have just one key and still log in everywhere? Great idea, right? Just one password to remember and click, you’re in. Except that this universal account has to be one you created at a social network. Yes. If you have a Facebook account and you’re able to log in to another website using your Facebook credentials, then you have social login working for you right there. Social Login essentially is just logging in with a social network’s credentials. Pretty simple stuff.

Why would anyone even want Social Login?  

It does look pretty lame at first but then it’s really cool because of the multiple advantages that both users and websites have. Like we already said, remembering multiple passwords is like carrying a large bunch of keys. Your pockets could really tear off. One password to remember is so much better. The best part, though, is that you don’t have to register. Signing in without registration was close to impossible when it was first thought of. But then how many times can you register in an age when every other website requires you to sign in, some in the zest for a larger body of registered customers? It’s practically impossible. And of course, there are numerous studies which show people tend to forget passwords if they have to remember many of them. Yeah, these are all good reasons on paper but some may still not be convinced by them. The best thing about social login is that you just log in without registering and you are ushered into an account that always seemed yours. That’s because your social profile helps turn your onboarding into a breeze.

If you are learning about social login for the first time, you could be wondering why only social media accounts are used for public sign-in. Why Social Sign-In? Why not Microsoft Sign-In? Why not ecommerce sign-in? It’s simple and you must already have guessed it. Social media is universal. Almost everyone who uses the internet on a regular basis has a social media account, which makes it the obvious choice. However, there is no network that is universal in its usage for Social Sign-In. Facebook does well, as evidenced in the study of Customer Identity Preference Trends for Q1 of 2016, and so do Google and Twitter (not as much as Facebook but, to be fair, yes). And for the aforementioned reasons, social sign-on is also a popular mode among millennials, who, we guess, are your majority consumers.

How does Social Login work?

Okay, we’ll get a bit technical here. But that obviously wouldn’t trouble you. In the context of Social Login, a social network is an independent entity and so is any other website attempting to provide social sign-in. If you are logging in using a social identity, you obviously have a record against your name in the social media network’s database. So the simple task for the website here is just to verify that you exist in the respective social media network’s database. But that’s not all. Social network authentication completes only half the job. The second part is to suck in data from your social profile so your account on the website you are signing into is set up for you. Of course, the website also has a lot of nice uses for your social profile data.

So, how is it done? In most cases, websites use a protocol called OAuth to talk to the social network whose identity you want to use to sign in and get the requisite information. If you’ve already read our posts on Single Sign-On and SAML, you’ll ask why this can’t be done using SAML. It can be done. But the catch is that SAML can help just for social network authentication. So, once you are logged into the website (using your social identity), you’re on your own. But, with OAuth, not only do you log in with your social profile but you also get to make use of a lot of social functionalities. Now, these functionalities are network-level resources, which means they fall under the category of authorization, going past authentication.

How does OAuth manage this?

Basically, if you look at the picture holistically, you’ll understand you are just delegating access. You’ve supplied your social network credentials - though the website can’t see them, they are encrypted in motion - and through a series of steps your information is sent to the social network for verification, which then sends a reply if the verification is successful, and you are redirected to the website. But so far, you’ve only been authenticated. Most websites need more than that. OAuth helps here by giving the website a sort of access token with which the website can take certain actions on your behalf through API calls. Remember those irritating questions asking if you agree to give the website or mobile app you are using access to your social profile? That’s the last step. If you agree, you are basically delegating access to the website or mobile app. And because you are already logged in, the social network is sure that you have actually delegated access. OAuth helps accomplish all this while also helping safeguard you and your credentials.
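The redirect-and-token exchange described above, seen from the website's side, as an added example (not code from this post or from any social network). It uses the OAuth 2.0 authorization code grant with a `state` check and PKCE, which goes a step beyond the text; the endpoint, client ID, redirect URI and scope names are hypothetical placeholders.

```python
import base64, hashlib, hmac, secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Hypothetical placeholders: a real provider publishes its own endpoint and scopes.
AUTHORIZE_URL = "https://social.example/oauth/authorize"
CLIENT_ID = "demo-client-id"
REDIRECT_URI = "https://shop.example/callback"

def begin_login(session):
    """Build the URL that sends the browser to the social network to log in."""
    state = secrets.token_urlsafe(32)     # ties the later callback to this session
    verifier = secrets.token_urlsafe(64)  # PKCE secret, kept on the website's side
    digest = hashlib.sha256(verifier.encode()).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode()
    session["oauth_state"], session["pkce_verifier"] = state, verifier
    return AUTHORIZE_URL + "?" + urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "profile email",         # the access the user is asked to delegate
        "state": state,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    })

def handle_callback(session, callback_url):
    """Check the redirect back, then return the token request the website would send."""
    query = parse_qs(urlparse(callback_url).query)
    expected = session.pop("oauth_state", None)   # single use: a replay finds nothing
    returned = query.get("state", [""])[0]
    if not expected or not hmac.compare_digest(expected.encode(), returned.encode()):
        raise ValueError("state mismatch: callback is not tied to this session")
    if "error" in query:                          # e.g. the user declined consent
        raise PermissionError(query["error"][0])
    code = query.get("code", [""])[0]
    if not code:
        raise ValueError("callback carries no authorization code")
    # Sent server to server; the user's password never passes through the website.
    return {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,
        "client_id": CLIENT_ID,
        "code_verifier": session.pop("pkce_verifier"),
    }
```

The social network answers the token request with the access token, and only then can the website make API calls on the user's behalf.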