New social websites and applications increasingly piggyback on existing ones, using "login with Facebook," "login with Twitter," or "login with your Google account" functions rather than expecting users to create accounts specific to their own sites or services.
"To the user, this looks like magic," said Matthew Rothenberg, head of product at Bit.ly and moderator of a panel discussion on the topic at South by Southwest. The SXSW panel included representatives from Facebook, Twitter, and Google to talk about the Single Sign-On (SSO) authentication and account integration services they make available to developers. For developers, "this seems absolutely fantastic--and for the most part it is," Rothenberg said. Yet he also cross-examined the panelists on the parts that can be very hard, such as dealing with standards that each service implements a little differently and the pitfalls of reconciling accounts across different services.
"Some of you let me ask for an email and some don't," Rothenberg noted. In order to make sure Bit.ly captures that information, "we wind up doing what you're not supposed to do with SSO, which is throwing up another screen saying we also want you to supply this other bit of information," he said.
Facebook makes email addresses available, with the user's permission, but Twitter does not, even though it uses some of the same basic Web standards.
The most broadly adopted standard for authorizing one website to share account information with another is OAuth, which generically specifies the mechanics for interactions like those Facebook pop-up windows that ask you to grant an application a list of permissions for different types of access to your Facebook account. Twitter and Google support OAuth as well, and Google also supports OpenID, another standard for logging into one account using credentials associated with another. These mechanisms simplify life for users, who can use many websites without having to remember as many user names and passwords, while also lowering the technical burden on the websites. This is one of the most powerful techniques for boosting viral adoption.
As social login becomes more the norm than the exception, "it becomes all the more of a turnoff when you hit a site that wants you to fill out a signup form," said Matt Kelly, an engineer in the developer relations group at Facebook.
"If I was creating a startup tomorrow, I would start with SSO. I wouldn't want to build my own identity system," said Joseph Smarr, an engineer at Google and a technical lead on the Google+ project.