How often have you found yourself trying to remember which username or email address you used a few months ago to register on the website? Or trying to log in and then wondering if that’s wrong password or different email? It’s just too many websites and too many logins to remember all of them.
There is a nice and easy way to help people with this issue and make your weebsite more attractive and easier to use. You may have noticed, that more and more of websites offer option to log in using some kind of 3rd party service. Most popular ones are
- Connect with Facebook
- Login with Twitter
- Login with Google Account
- Login with OpenID
- and more other services
So, what happens when user connects using one of those services?
First, user is redirected to the site of the company which account they are using (authentication provider), they log in there, then get redirected back to your site with unique session key. Now, your website can request more info about the user using that key, most common will be email address and name. That’s enough information to create an account for user in your own database and store reference to the profile ID of the authentication provider (Facebook or Twitter ID). So next time when user connects to your site using the same service, you can retrieve previously stored preferences and user’s data and work with it like with regular session.
It’s still good idea to give user chance to create account on your site without using any of 3rd party providers – some people don’t have those accounts or don’t want to use them, so keep this option open as well. Just make the registration form really, really short and simple – email and password is usually enough to create an account. If you need more information, you can always ask it later, when you actually need that. This way, user won’t go away just because your registration form looks like mortgage application.
One thing to remember when deciding which authentication providers to support: usually there are some additional services available through the authentication provider, for example, Facebook allows a lot of interaction between user’s Facebook account and your application, it could be accessing profile info (including photos and friends), posting to the wall, sharing links, etc, etc. So, even if you are not using those features right now, it worth thinking if you want to do that later.