If I create an app with social logins and the app have huge amount of data, are these data under the social login company hands (for example Facebook), can they use it or make whatever they want with it ?
And does the app that has a social login affect the ability that someone may purchase it for example can Google buy an app that has Facebook login ?
Or it is not worth it and I should create my own authentication system ?
Thanks in advance.
You should read the privacy policy. Most of the times they don't use the information if user doesn't accept that it can be used. Some companies use the information without referring to the specific user information like email or name, but they may use it for getting demographic statistics.
If your app has only one social login is your own choice, but since social login doesn't make your app belongs to the social website, there's not problem for other company to buy the app. But it is always recommended to include a developer login and to leave space in your backend to connect to other social media. For that specific case I think that if Google ever buys your app they will pretend to add their own login.
Related
I can't really figure out what exactly the facebook API and its services are capable of in terms of user management. Given that I would completely rely on facebook for registration and login, does facebook only provide the authentication and registration process and return me data to store in my own database or does it also itself store a list of already registered user accounts which I can query later on so that I could completely outsource user management from my servers?
If you only need to authorize a User, you don´t need to store anything. You only need to store them in a database if you need to identify returning Users, or if you need to use his data while he is not online.
There is no user management though, you can´t just get a list of all users who authorized your App from Facebook. That´s what you have to store on your own. Make sure to implement the possibility to remove a User from your database, Facebook offers a deauthorization-callback in the App settings for that.
Update: It appears that when there's no API or token, software seems to simply ask the user for their account credentials, and probably has to store this information. I guess it can't be a huge security risk, since people are willing to share this information with apps like Mint:
So, my conclusion is that it is OK to ask users for credentials to other services if they can be secured safely and the user desires the service provided.
Many, many apps use others apps such as Facebook in order to get data from it, usually to verify the user is real and to get relevant profile data (e.g. a dating app would want age, gender, etc.).
When using such an app, I do not have to enter in my Facebook credentials. The app simply opens up my Facebook/asks for permission to access it, and voila it's done.
There seems to be a lot of documentation for well known companies like Facebook, Twitter, and PayPal on how to do this.
But how is it done for an arbitrary website that requires a user/profile, e.g. this website: http://ae.com/web/index.jsp
Unsurprisingly, if I google for FaceBook, there's a heap of resources, and even it's own dedicated tag (https://developers.facebook.com/docs/facebook-login/access-tokens).
However, if I start googling for American Eagle, e.g. "https://www.google.com/search?client=safari&rls=en&q=american+eagle+access+token&ie=UTF-8&oe=UTF-8", I get nothing relevant at all.
If I understand your question right, that you want to enable facebook login for your website,
you still need to create a facebook app. then use the access tokens in your website. so when user clicks on login with facebook, the app will be asking for permissions and finally you will get the access token and you can use that in your site to log in.
I am working on a requirement where I need to collate information from a persons social media profile into the application mainly LinkedIn, Facebook, Google and Twitter.
The app has the email ID provided by the user. Assumption is of course that the person uses the same email ID across all the services.
My initial gut feel is that I need to ask the my user to login into my app using their Facebook / Google / Twitter ID and once he is authenticated, the corresponding API can then give their information. However, I am not sure if this approach would be feasible for multiple providers i.e. I need info both from Facebook AND Google+ for example
Alternatively, is it possible to use the API's of any of these Social Media applications to map the email ID I have to a user in those applications and then to get the user's public information?
Also, is anyone aware of any 3rd party products / API's which can help provide this kind of identification? I have heard of Rapleap (www.rapleaf.com) but the profile data provided by them does not seem to have social media related information that I am interested in.
Note : I have never worked on anything related to social media in the past and hence if there is some faux pas in what I am trying to do, please feel free to point out the same.
I'll start by assuming that when you say "email ID" you actually mean "email address" which in turn is the user id for those social media networks
is it possible to use the API's of any of these Social Media applications to map the email ID I have to a user in those applications and then to get the user's public information?
Yes and No. In order to request profile information from of these social media networks (let's called them just "providers") your app will need to request it on behalf of the actual user. That is, the user will need to authenticate itself with these providers through your app. For this to happen, the user will need to provide a minimum amount of information (email and password) and your app will need to authenticate as well...usually through OAuth or a native API by specifying an already issued "App ID" (or Client ID) and an App Secret. This is information you should receive by these providers once you have successfully registered your app with them.
is anyone aware of any 3rd party products / API's which can help provide this kind of identification?
I'm not too sure and this is out of the scope of Stackoverflow...but, do you really need to add another abstraction layer in your project? Another dependency? Consider interacting directly with these providers, you have more benefits
So, basically, your app will have to get the user to supply his/her credentials in order to request this information. In the case of OAuth, your app will never see these credentials because the authentication process happens outside your app, all your app will receive is an access token to request the information that is available within the scope of the access token. By that I mean, you have to request specific permissions. There's a lot of information available on the developer's site of these providers and I'm sure you'll get around it without any problems, but feel free to ask if something is not clear enough.
There's a way to get user information from sites like facebook,google,linkedin,yahoo etc by using their OAuth service. For this you need to develop your application to include OAUth Service from any of these sites and allow the user to log into any of these services and choose what all data they would be interested to share for using your application.
Again, you will have to configure your facebook/etc application to include options for the users to select while logging in.
It really depends on the social media account. Some sites allow you to search by email, but this assumes that the email address you have is the same address the person used for the account. Others do not. What I would do is identify the sites which allow you to search by email, and go to those sites and search. That is the most straightforward way.
Does anyone know of a way to use social logins without having to create an account with a social media website? For Example, I want to use Facebook's Login on my website, but I do not want to create a Facebook account nor an app just to use their login.
Far as I know it pretty much requires (facebook) an App to be created (on developer site for facebook) in order to utilized services with a website.
Unfortunately, in order to maintain a safe development environment, and to prevent the creation of spam apps, it is required that Facebook manage its developer users. This is to allow them to block apps that act maliciously, and to allow permissions to be managed on their server for the app access token. For a more detailed answer, I'll refer you to one on StackOverflow by Lix.
I'm trying to create an app for closeted and questioning youth on facebook, and an important feature would be the ability to be anonymous on the app. I've been trying to find out if people can be anonymous on facebook, but this sounds like it's not allowed. Could facebook users make a new user account within a facebook app to protect their identity?
Thanks,
Colby
No, they cannot create a new facebook account from facebook app. And facebook has nothing to do with making a user anonymous, if user has given your application required permissions then you can have all the information about user, its up to you either you want to make that user an "Anonymous user" or show his profile pic/information.
Some suggestions:
In App Settings > Auth Dialog there is the setting Default
Activity Privacy which you should set to Only Me.
When a user authorizes your app store as little information as is
necessary, and prominently display your privacy policy explaining
what type of information you store, why, and how you will never
share it with anyone.
(optional) Store userids in your database as md5 hashes so that even if someone gains access to that database, they won't know who
the users are.