OAuth vs conventional login system authentication. Which to use?

Imagine the following scenario:

You are setting up a project where anyone can register with basic data (name, photo, age) to use your product. And as it is on the internet there is no way to predict the number of potential users who can sprout overnight.

Well, thinking about this aspect, I would like to know whether it is worth using the APIs provided by companies such as Facebook, Twitter and Google to access these users' data (OAuth), or whether it is still worth keeping the traditional login style, providing a way to register the user and storing their information on a server of your own.

In my opinion, apparently the strengths of using OAuth would be:

  • User registration facility;
  • Speed in obtaining data;
  • Resource savings (since data comes via external API);
  • Data always up to date;

But since I have never worked with this type of API, I honestly don't know if it's worth it or not. So, mainly from a scalability point of view, is it worth using OAuth APIs or a conventional login (own database)?

  • Just a note: read this news, because it is likely that authentication via OAuth will be used less for some time; maybe users will use it less because of this flaw, which is explained better in the news article. http://www.techtudo.com.br/noticias/noticia/2014/05/safetyfailure-affectingbook-google-e-microsoft.html

  • @Enzotiezzi I believe that there are still more flaws that have not been discovered; however, it is worth mentioning Facebook's ability to solve problems, and even so it still has more credibility than a system of one's own.

  • @Filipe Yes, it was just a heads-up to see if it would affect anything in your development.

1 answer

What I will answer is not an opinion; I believe that most programmers will agree, which makes it almost a rule.

There are advantages and disadvantages of using Facebook login and a conventional system.

Facebook login - Main advantages

  1. Eliminates the need to create a new account on your site: the user just authorizes your application to collect the information, which spares them from creating another login and password;
  2. Avoids filling out long registration forms;
  3. Avoids account validation by email, since this step has already been carried out at the time of registration on Facebook;
  4. Information will probably be true, since it is used in the user's profile;
  5. Data is updated on Facebook itself, which keeps the user from having incorrect data in your application.

Facebook login - Main disadvantages

  1. Fear on the part of some users of making their data available to unknown websites.
  2. Updates to the Facebook API, which can lead to login crashes and consequently inconvenience for users. In short, it is necessary to follow the evolution of the tool closely.
  3. You are subject to Facebook's terms of use; in the end, nobody knows when Zuckerberg will wake up in a bad mood and decide to charge for the use of the tool, and believe me, with the recent modifications on Facebook, I do not doubt it!

However, use the conventional login; I know people who have abandoned or simply do not use Facebook.

If you have patience, also implement Google+ and Twitter login.

From what I understand, your application is just starting out. If big companies (like Pinterest, Yahoo, etc.) use Facebook login to attract new users, all the more reason for us poor mortals to do so.

  • At the end of the day, what counts is the creator's confidence in the existing tools on the market or the need to centralize everything. +1 for the information.

  • @Filipe.Fonseca I believe that the purpose of logging in with Facebook is to centralize everything, but this will only be 100% effective on the day it is mandatory to have a profile :) and yet one day Facebook falls and some other comes up... and so we walk back and forth!

  • "3 - Avoid validation of the account by email, since this step has already been performed at the time of registration on Facebook." An addendum: a validated email is not required by Facebook. Let me explain: I had a case of someone who registered on Facebook with a 'fake' email from a domain of mine, and I found out because the emails were received by the 'catch-all'. I reported it and the user kept the account with this email that 'does not exist'.
