One of the core features of any modern app is the ability to leverage Social Authentication (also known as Social Login). Social login is a form of single sign-on using existing login information from an identity provider such as Facebook, Google, Apple or Microsoft to sign into a third-party website or app in lieu of creating a new login account specifically for that app.
Under the covers, Social login is powered by OAuth 2.0. OAuth 2.0 is an open standard for authorization. OAuth 2.0 provides client applications 'secure delegated access' to server resources on behalf of a resource owner. It specifies a process for resource owners to authorize third-party access to their server resources without sharing their credentials. Designed specifically to work with Hypertext Transfer Protocol (HTTP), OAuth 2.0 essentially allows access tokens to be issued to third-party clients by an authorization server, with the approval of the resource owner, or end-user. The client then uses the access token to access the protected resources hosted by the resource server. OAuth 2.0 is commonly used as a way for web surfers to log into third-party websites using their Facebook, Google, Apple or Microsoft accounts, without worrying about their access credentials being compromised.
When I first began working with Social Login and OAuth, I found the concept to be somewhat complicated and difficult to implement from scratch. I attempted using third-party libraries such as the Facebook SDK for .NET; however, it did not assist me in truly understanding the underlying concept. After much research on the topic I discovered the following graphic which I found to be quite helpful:
The more I worked to understand it, the more I realized that it is simply a series of calls to various endpoints (URIs) which in sequence get me to the expected result.
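The series of calls described above, sketched in Python as an added example (it is not code from the sample project, which is .NET). The requests are built but not sent; the app ID, app secret, redirect URI and the `session` dict standing in for server-side session storage are assumptions, and the `state` check is the step that ties the callback to the browser session that started the login.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Facebook's unversioned OAuth endpoints; the app values below are placeholders.
AUTHORIZE_URL = "https://www.facebook.com/dialog/oauth"
TOKEN_URL = "https://graph.facebook.com/oauth/access_token"
PROFILE_URL = "https://graph.facebook.com/me"
APP_ID = "YOUR_APP_ID"
APP_SECRET = "YOUR_APP_SECRET"  # stays on the server, never sent to the browser
REDIRECT_URI = "https://app.example.test/signin-facebook"  # constructed value


def start_login(session):
    """Call 1: URL the browser is redirected to at the authorization endpoint."""
    session["oauth_state"] = secrets.token_urlsafe(32)  # anti-CSRF value
    query = urlencode({
        "client_id": APP_ID,
        "redirect_uri": REDIRECT_URI,
        "state": session["oauth_state"],
        "response_type": "code",
        "scope": "public_profile",
    })
    return f"{AUTHORIZE_URL}?{query}"


def handle_callback(session, callback_url):
    """Call 2: validate the redirect, then build the code-for-token request."""
    params = parse_qs(urlparse(callback_url).query)
    expected = session.pop("oauth_state", None)  # single use: a replay fails
    returned = params.get("state", [""])[0]
    if not expected or not hmac.compare_digest(expected.encode(), returned.encode()):
        raise ValueError("state mismatch: callback is not tied to this session")
    if "error" in params:
        raise ValueError("provider returned error: " + params["error"][0])
    code = params.get("code", [""])[0]
    if not code:
        raise ValueError("missing authorization code")
    return TOKEN_URL, {
        "client_id": APP_ID,
        "client_secret": APP_SECRET,
        "redirect_uri": REDIRECT_URI,  # must match the value sent in call 1
        "code": code,
    }


def profile_request(access_token):
    """Call 3: request for the user's public profile using the access token."""
    return PROFILE_URL, {"fields": "id,name", "access_token": access_token}
```

Send the token request from the server only, so the app secret and the access token never appear in browser-visible URLs or logs.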
As I went about deciding which identity provider to use, it was initially obvious that the one with the largest number of users would make the most sense. If I’m building an app for the masses, then I want to make sure that I provide users with the easiest way for them to log in to my app. Therefore, the obvious choice was Facebook, which currently has approximately 2.4 billion active users.
According to identity management platform Gigya, for the first time since 2011, Facebook has surpassed the 60 percent mark and powered 61 percent of all social logins on Gigya’s network in the last quarter of 2014 (up from 58 percent in the previous quarter and up 10 percent from a year ago).
Without searching much further I took on the task of doing this myself and have now also created a sample project which you can download and incorporate into your app.
The sample project does the following:
- Authenticates the user via Facebook
- Makes a request to Facebook for the user’s public profile information
- Displays the user’s information
Before you use the following sample you must create a Facebook application. To do so navigate to the Facebook Developer Portal and click the '+ Add a New App' button. Follow the steps to create an app and record your AppId and AppSecret.
Once you have your AppId and AppSecret, all you need to do is the following:
- Clone or Download the project from GitHub
- Open the project in Visual Studio Code or Visual Studio
- Open the appsettings.json file and add your FacebookAppId and FacebookAppSecret in the "AppSettings" node
- Run the project.
This is the result you should get:
And there you have it. Please let me know in the comments if you have any issue with the concept or with the sample project… I would be happy to help.
If you would prefer to advance directly to obtaining the Facebook user data of your audience, try out the free trial of my service, 'Subscriber'. With Subscriber you immediately get the social login capabilities of Facebook, Google and Apple: