Wednesday, June 15, 2011

Using Facebook OAuth.

Background: My company wanted to give its users a facility to log in using Facebook, and I was chosen as one of the resources for implementing it. We needed to collect users' emails for newsletter sign-ups from Facebook data.

There are a couple of solutions (client-side and server-side) available; both are explained here. There is a third way, using the JavaScript SDK, which is the approach we took to get Facebook users' data.

Why use third-party authentication?
By using third-party authentication, the consumer can concentrate on implementing their business logic rather than on dealing with all the issues of authentication (to name a few: maintaining digests and salts, computing the digest/salt pair using encryption algorithms like RSA/MD5, and making the connection secure during login).

Idea of OAuth: The idea revolves around the model of Kerberos, a network authentication protocol. Kerberos separates authentication from business logic by handling all authentication at a separate server, termed the "authentication server", while all the business logic resides in the "service server". A user trying to log in is directed to the authentication server, which grants the user a token and nonce (ticket). The ticket is then used for authentication at the service server. More details at wiki.

Reason for choosing the JavaScript SDK over the client/server-side approach: the JavaScript SDK version is cleaner and hides the authentication process behind its API calls, whereas the client/server-side approach gives more fine-grained control over the authentication process and makes the client responsible for implementing the steps. Using XFBML was sufficient in our approach, and we didn't need such fine-grained control.
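For illustration, here is the JavaScript SDK flow described above as an added example (not code from the original post): it requests only the `email` permission, checks that the user actually granted it, and reads the address back from the Graph API. It assumes the current SDK's `FB.getLoginStatus`, `FB.login` and `FB.api` calls; the `makeStubFB` object is a constructed stand-in for `window.FB` so the flow can be run offline.

```javascript
// Added example (not from the original post): Facebook JS SDK login that asks
// only for the "email" permission and reads the address back from the Graph
// API. `fb` is the global FB object created by FB.init({ appId: '<app id>',
// xfbml: true }); it is a parameter so the flow can run against the stub below.
function collectEmail(fb, done) {
  fb.getLoginStatus(function (s) {
    if (s.status === 'connected') return fetchEmail(fb, s.authResponse, done);
    // Not logged in to this app yet: open the dialog, requesting only email.
    fb.login(function (r) {
      if (r.status !== 'connected') return done({ ok: false, reason: 'login-declined' });
      fetchEmail(fb, r.authResponse, done);
    }, { scope: 'email' });
  });
}
function fetchEmail(fb, auth, done) {
  // The user can untick "email" in the dialog, so check what was granted.
  fb.api('/me/permissions', function (perms) {
    var granted = (perms.data || []).some(function (p) {
      return p.permission === 'email' && p.status === 'granted';
    });
    if (!granted) return done({ ok: false, reason: 'email-not-granted' });
    fb.api('/me', { fields: 'id,email' }, function (me) {
      if (!me || me.error || !me.email) return done({ ok: false, reason: 'no-email' });
      // Send the token with the email: the server must confirm the token with
      // Facebook before storing the address, since this client reply is untrusted.
      done({ ok: true, userId: me.id, email: me.email, accessToken: auth.accessToken });
    });
  });
}
// Constructed stub standing in for window.FB so the flow runs offline; the real
// SDK calls back asynchronously, this one calls back immediately.
function makeStubFB(opts) {
  var loggedIn = false;
  var auth = { accessToken: 'TOKEN-PLACEHOLDER', userID: '1001' };
  function status() {
    return loggedIn ? { status: 'connected', authResponse: auth } : { status: 'unknown' };
  }
  return {
    getLoginStatus: function (cb) { cb(status()); },
    login: function (cb) { loggedIn = opts.acceptsLogin; cb(status()); },
    api: function (path, params, cb) {
      if (typeof params === 'function') cb = params;
      if (path === '/me/permissions') {
        return cb({ data: [{ permission: 'email', status: opts.grantsEmail ? 'granted' : 'declined' }] });
      }
      if (path === '/me') return cb(opts.grantsEmail ? { id: '1001', email: 'user@example.com' } : { id: '1001' });
      cb({ error: { message: 'unknown path' } });
    }
  };
}
```

In a page, `collectEmail(window.FB, postToServer)` would be wired to the XFBML login button's callback; the stub only exists so the three outcomes (email collected, email scope declined, login declined) can be exercised without a Facebook app.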
