Last weekend I spent most of my time trying to get my mind wrapped around giving people access to features on my website using their Google accounts. I was really confused for a while learning how to use the technology. Luckily, people much smarter than me have already made very easy to use libraries. I'm currently able to authenticate using Google AND Yahoo because they use the same open source technology. I'm going to try adding Facebook as well at some point. They have their own proprietary solution so I need to learn to use different libraries.
Here's what I can do so far and how the authentication works:
- A person goes to something needing a user login on my website (like the shoutbox) and they see a dialog that tells them they need to log in.
- They choose the kind of account they want to log in with and get sent directly to that account provider's login page. The user logs in securely and I never see their credentials.
- The provider sends the user back to my website with an encrypted identifier that acts as that user's name on my site.
The result, the user gets to log in to my website without me seeing their credentials. They don't have to give me any private information for a new account. And I'm not liable for securing their private info.
No comments:
Post a Comment