Social Login - Time to implement it in your apps

Social Login is single sign-on for end users. Using existing login information from a social network provider like Facebook, Twitter, or Google, the user can sign into a third party website instead of creating a new account specifically for that website. This simplifies registrations and logins for end users.

Adding Social Login to your applications has several perks.

• Increase registrations: according to a Web Hosting Buzz survey: 86 percent of users report being bothered by having to create new accounts on websites. Some of these users would rather leave your site than register, which means that providing Social Login to your apps will increase the number of registrations to your site. The survey also states that 77 percent of respondents say that “Social Login is a good solution that should be in any site.”
• Email is verified: The social network provider is in charge of verifying the user’s email. If the provider shares this information (Twitter does not share the user email address, for example) you will get a real email address rather than the fake addresses that some users typically use to register in web applications. Additionally, the providers will handle the password recovery process.
• Access richer user profiles: Social network providers can give you additional information about users, such as location, interests, birthday, and more. Using this data, you can target personalized content to the user.
• Up-to-date profiles: Users do not tend to keep their profiles updated in most applications they use, but they do it in social networks. Therefore, having Social Login ensure that you have accurate information about your users.
• One-click return experience: After users register in your application using Social Login, their return experience will be very simple, as they will probably be logged into the social network, and just one click will be enough to login to your application.

Social Login is a simple process, with the following steps.

1. The user enters your application and selects the desired social network provider.
2. A login request is send to the social network provider.
3. Once the social network provider confirms the user’s identity, a current user will get access to your application. A new user will be registered as a new user and then logged into the application.

Auth0 supports 30+ social providers: Facebook, Twitter, Google, Yahoo, Windows Live, LinkedIn, GitHub, PayPal, Amazon, vKontakte, Yandex, 37signals, Box, Salesforce, Salesforce (sandbox), Salesforce Community, Fitbit, Baidu, RenRen, Weibo, AOL, Shopify, WordPress, Dwolla, miiCard, Yammer, SoundCloud, Instagram, The City, The City (sandbox), Planning Center, Evernote, Evernote (sandbox), and Exact. Additionally, you can add any OAuth2 Authorization Server you need.

Every provider has its own profile properties, required headers, and response format, and some use OAuth1 (Twitter) while others use OAuth2. Auth0 simplifies this for you, encapsulating the differences, and unifying the way to call providers and the information retrieved from all of them.

How about including Social Login in your application for free? Try our new free production-ready plan, which includes support for two social network providers of your choice. For more information, check our pricing page.

1. In Auth0’s Management Dashboard, click Connections and then Social.
2. Flip the switch of the selected social network provider to enable it.
3. Select the applications in which you would like to use this provider.
4. The configuration popup will display. There you can select the desired attributes and permissions that you want to get from the provider. You can also enter your own App/Consumer Keys in this screen.
   

   Tip: In the settings of each provider, there is a link explaining how to obtain your key for that provider. If you do that, the consent page will show your logo instead of Auth0’s and you’ll be able to use Auth0 to do SSO for these connections.

5. Click Save.

The most common identity providers are readily available on Auth0’s dashboard. However, you can use Auth0’s Connections API to add any OAuth2 Authorization Server as an identity provider.

Adding your custom connection is easy! Just create a custom connection, fill the configuration file by setting the required properties for your provider, such as Authorization URL, Token URL, Client ID, Client Secret, and so on. Add logic to the fetchUserProfile method to get the user profile from the provider and customize the returned JSON object that contains the user information. Finally, use your connection with any of the Auth0 standard mechanisms (e.g. direct links, Auth0 Lock, auth0.js, etc.) to login.

More information about creating your custom OAuth2 connections can be found here.

Remember, you can always use Rules for more sophisticated manipulation of user information. If you are creating your own OAuth2 connection, we recommend that you use Google OAuth 2.0 Playground, where you can experiment with the OAuth 2.0 protocol and APIs that use the protocol. You can walk through each step of the OAuth 2.0 flow for server-side web applications. At each step, you will see the full HTTP requests and responses.

Wanna try it out? Get Auth0’s free production-ready plan with support for up to 7,000 active users.