Don’t you ever get tired of coming up with different username and password combinations for logging into websites? This is where Social Login comes to the rescue. Social Login is a form of single sign-on that uses pre-existing login information from other social networking services. Keeping in mind that users are looking for a more convenient way of authenticating on third-party websites, Baasic embraces the idea of working with user identities in a simpler and more sophisticated manner. Let’s take a closer look at what this all means for your applications and how you can utilize this functionality.

Baasic provides social login functionality through a RESTful API, allowing you to perform CRUD operations on the login data. You can use these requests to authenticate the user against the system by using the most popular social providers:

- Facebook
- Twitter
- GitHub
- Google

To enable social login for your application, you’ll need to configure one or more social providers. Just go to your Baasic Application Dashboard, select Settings > Application Settings and fill out your consumer key and secret information for the intended providers.

Apart from improving the user experience, social login authentication ensures more sign-ups, more effective site personalization, permission-based identity control, higher data stability and much more of the good stuff. How it works in general is fairly simple. As an example, let’s suppose that an anonymous user wishes to log in to your app, but doesn’t have an account, and instead wants to log in using a third-party provider, such as Facebook or Twitter. You’ll allow the user to authenticate against the web server by means of the usual social login buttons. Once the user is logged in, the web server can make a request to the provider’s API with the Authorization Code obtained and, in exchange, the app will be given an access token allowing it to perform certain actions, such as fetching user information.

That being said, let’s go through a list of available Baasic social login API endpoints:

- login (GET) - asynchronously retrieves the provider login URL;
- login (POST) - handles authentication request and issues access token via social login providers;
- users (GET) - retrieves social login connections associated to the specific user resource and
- users (DELETE) - removes social login connection for a specified provider.

Now, let’s see how these endpoints can deliver social authentication to your application.

Login (GET)

For starters, to access relevant user information using the social login authentication, the app initially needs to redirect the user to the address where they are presented with the Auth dialog. The Login (GET) endpoint (see an example below) retrieves the login URL for the specified provider, allowing you to prompt the user to verify their account and accept the relevant set of permissions.

Endpoint code example:

  # Replace the <...> placeholders; the returnUrl value must be URL-encoded.
  curl \
   -H "Accept: application/json" \
   -X GET \
   -v \
   "https://api.baasic.com/<version>/<api-key>/login/social/<provider>/?returnUrl=<returnUrl>"

Login (POST)

If everything goes well during the social login authentication, a social login provider will respond with the following:

- code - query parameter for OAuth2.0 providers or
- oAuthToken and oAuthVerifier - query parameters for OAuth1.0 providers.

Now, you’re able to perform a request to Baasic, including the authorization code:

  # curl derives Content-Length from the -d body, so it is not set by hand.
  curl \
   -H "Content-Type: application/json" \
   -X POST \
   -d '{
        "Code": "<code>",
        "returnUrl": "<returnUrl>"
    }' \
   -v \
   "https://api.baasic.com/<version>/<api-key>/login/social/<provider>/"

If the provided information is valid and satisfies all predefined rules, an authentication token will be successfully created. In other words, the user will be logged into the system. However, at this point authentication can fail for multiple reasons, resulting in HTTP 500 (Internal Server Error) or HTTP 400 (Bad Request):

- invalid_provider - specified social login provider could not be found;
- invalid_provider_configuration - provider’s configuration is not valid;
- user_not_found - user could not be found at the specified social login provider;
- account_in_use - social login account is already in use, so it cannot be associated to the currently logged user;
- account_not_merged - an unexpected error occurred while associating social login account to currently logged user;
- invalid_grant_approved - social login account is bound to a user which is not approved;
- invalid_grant_lock - social login account is bound to a user which is locked;
- invalid_grant - authentication failed due to the invalid password;
- missing_email - email information is missing, meaning that the social provider didn’t return it or it was not submitted;
- account_created - account is successfully created but is pending email verification;
- login_error - an unexpected error occurred while creating an account and
- registration_disabled - user registration is disabled for the current application.

What if you want to use multiple social logins on a single account? No problem, Baasic automatically matches the identity of the user retrieved from the social provider with already existing users. In case of a match, you can just update the existing user with a new social login connection.
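The client side of the Login (GET) and Login (POST) steps above, as an added example that is not Baasic SDK code: it percent-encodes returnUrl, accepts a provider callback only when it lands on the returnUrl that was sent, and separates OAuth2.0 from OAuth1.0 callbacks. The function names, the lowercase provider slugs, the app.example host and the OAuth1.0 body field names are assumptions; the article only shows the OAuth2.0 body.

```javascript
// Added example, not Baasic code. <version> and <api-key> are the article's placeholders.
const API_ROOT = "https://api.baasic.com/<version>/<api-key>";

// Assumed provider slugs; the article lists the provider names only.
const PROVIDERS = new Set(["facebook", "twitter", "github", "google"]);

// Build the Login (GET) URL. returnUrl is percent-encoded so its own
// query string cannot leak into the outer one.
function buildLoginUrl(provider, returnUrl) {
  if (!PROVIDERS.has(provider)) throw new Error("invalid_provider");
  return `${API_ROOT}/login/social/${provider}/?returnUrl=${encodeURIComponent(returnUrl)}`;
}

// Turn the provider's redirect into the JSON body for Login (POST).
function buildLoginPostBody(callbackUrl, returnUrl) {
  const cb = new URL(callbackUrl);
  const expected = new URL(returnUrl);
  // Accept the callback only on the exact origin and path that was sent as returnUrl.
  if (cb.origin !== expected.origin || cb.pathname !== expected.pathname) {
    throw new Error("callback does not match returnUrl");
  }
  const code = cb.searchParams.get("code");
  const token = cb.searchParams.get("oAuthToken");
  const verifier = cb.searchParams.get("oAuthVerifier");
  // A callback mixing both parameter families is rejected, not guessed at.
  if (code && (token || verifier)) throw new Error("ambiguous callback");
  if (code) return { Code: code, returnUrl }; // OAuth2.0 body as shown in the article
  if (token && verifier) {
    // OAuth1.0: body field names assumed to mirror the query parameter names.
    return { oAuthToken: token, oAuthVerifier: verifier, returnUrl };
  }
  throw new Error("callback carries no authorization data");
}
```

The returned object is what gets serialized with JSON.stringify and sent as the Login (POST) body.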

Users (GET)

It is a good idea to keep track of social login connections and users they are tied to. For that reason, Baasic exposes this endpoint allowing you to obtain all established social login connections for the specified user.

Endpoint code example:

  # <token> is the access token issued by Login (POST).
  curl \
   -H "Authorization: bearer <token>" \
   -H "Accept: application/json" \
   -X GET \
   -v \
   "https://api.baasic.com/<version>/<api-key>/users/<username>/"

Users (DELETE)

At any point, you can detach an established social login connection from the specified user. This action will revoke any association between the user and social provider, meaning that they will no longer be able to log in to their account using that provider, but will be able to reconnect later.

Endpoint code example:

  # <token> is the access token issued by Login (POST).
  curl \
   -H "Authorization: bearer <token>" \
   -X DELETE \
   -v \
   "https://api.baasic.com/<version>/<api-key>/users/<username>/"

Learn more

Some follow-up blog posts will be online soon, showing you how to:

- set up Social Login providers in Baasic and
- use Social Login in AngularJS.

We’re looking forward to your feedback, please use the comment section below to send your comments and questions.
