These days, it's common for users accessing websites and applications from a web browser to authenticate with social identity providers such as Google or Facebook. Offering social login as an option goes a long way toward improving user experience. In fact, in a recent survey, 86% of users reported being bothered by having to create new accounts on websites, and 77% said that "social login is a good solution that should be in any site."
On mobile devices, social identity providers usually have their own applications (e.g., Facebook, Twitter), and some of them actually provide the operating system (e.g., Google, Apple). In the latter cases, users can use single sign-on (SSO) with a native UI instead of reauthenticating in the browser. This makes for a cleaner, simpler user experience.
Auth0 already supports native login for Apple (Sign In with Apple), and we are excited to announce that we now support native login for Facebook as well. This allows for authentication using the identity of the user who is logged into the Facebook application installed on the device. Auth0 customers who implemented this flow immediately saw an improvement in how their users were able to authenticate with Facebook:
"By enabling native social authentication, our app's Facebook login times have been reduced by 50% compared to web authentication. And successful Facebook logins in our app have increased by 16%."
— Eric Jensen, Principal Engineer, Kiva
Learn how Kiva eliminated 22,000 lines of legacy code by implementing Auth0.
Enhanced User Experience
Compass is a leading national real estate technology company that provides tools and services to help real estate agents grow their businesses and better serve their clients. As one of the largest groups of small business owners in the country, real estate agents utilize the end-to-end Compass platform to improve their productivity and manage their businesses more effectively. Compass currently powers over 18,000 real estate agents across 150+ U.S. cities, who were responsible for over $91 billion in real estate transactions in 2019.
Compass's suite of software tools acts as an operating system for real estate agents, making them more efficient by optimizing their workday, pricing properties more accurately, determining the best time to list, and more. The platform also integrates listings, transactions, and individual client data, giving agents personalized recommendations and insights. This enables agents to tailor their services to the specific needs of each client.
To help agents collaborate with their clients and stay productive even when they're not in front of their laptops, Compass provides iOS and Android apps. They've implemented login with Google, Facebook, and Apple to reduce friction for users. You can see the Facebook login experience in action below:
In Android, a popup is displayed where users can confirm their identity and log in. In iOS, the flow is not quite as seamless since the Facebook app is opened, but this gives the end user a clear understanding of what is happening and reassures them that the Facebook app furnished the credentials.
Complying With Facebook and Apple Policies
In the past months, several social login providers have been tightening up their requirements to integrate applications with their authentication frameworks.
Facebook's Platform Policy states: "Native iOS and Android apps that implement Facebook Login must use our official SDKs for login."
Apple's application guidelines read: "An app may not store credentials or tokens to social networks off of the device and may only use such credentials or tokens to directly connect to the social network from the app itself while the app is in use."
How Does It Work?
Based on the requirements described above, we collaborated with Facebook to design a solution that will let us authenticate Facebook users in native apps while complying with Apple's rules. The image below shows a high-level description of the flow:
The application logs in with Facebook using the Facebook SDK. This returns a Facebook access token.
The native application requests the user profile using the Facebook API or corresponding call in the Facebook SDK.
The application exchanges the access token for a session info access token. This is a token that can only be used to validate that the user created a session, not to act on behalf of the user or retrieve the user profile.
The application calls Auth0's
/oauth/tokenendpoint, sending the session info access token and the user profile data.
Auth0 calls the debug_token endpoint to validate that the user initiated a session with Facebook.
You can read more and see the payload for each API call in our "Add Facebook Login to Native Apps" docs.
You are only a few steps away from greatly simplifying how users log into your mobile applications. Check out our Android and Swift quickstart guides to learn how to integrate native login with Facebook using our updated Android SDK and Swift SDK.
Auth0 by Okta takes a modern approach to customer identity and enables organizations to provide secure access to any application, for any user. Auth0 is a highly customizable platform that is as simple as development teams want, and as flexible as they need. Safeguarding billions of login transactions each month, Auth0 delivers convenience, privacy, and security so customers can focus on innovation. For more information, visit https://auth0.com.