By Justin Pirie @justinpirie
As a customer, giving my information away to another website always gives me pause.
But if I can log in with an identity I’ve already established via, say, Facebook or Google, eliminating the need to input my information again and to share it with an as yet untrusted party, trying something new becomes much more attractive.
This form of social login has some pretty big security advantages. Without it, customers suffering from “password fatigue” tend to reuse credentials across websites and digital services. The result is that credentials compromised on one site are actually compromised across the web. Any malefactor now holding those credentials can try them on any number of sites or services, potentially gaining access to valuable personal data.
From a business perspective, your data is going to be more secure if you’re not managing passwords yourself, and are instead relying on an Identity Provider (IDP) to manage authentication. Social login is just another IDP to authenticate against.
We have two easy ways to authenticate against IDPs at ForgeRock: the traditional method is to deploy OpenAM agents, and the new method uses OpenIG as a relying party instead of deploying an agent.
A relying party is an application which needs to reliably identify users without having the responsibility of authentication and credential management. For example, a shopping website needs to uniquely and repeatedly identify customers in order to store their shopping basket, account, and billing information. By acting as an OpenID Connect relying party, it can do this without having to authenticate customers itself. Instead, it can delegate these security responsibilities to an IDP (e.g. Google, Facebook, etc.) and focus on its own business responsibilities (e.g. shopping).
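As an added example of the relying-party role described above (not code from this post or from ForgeRock/OpenIG), here are the claim checks a relying party performs on an OpenID Connect ID token once the token's signature has been verified against the provider's published keys. The issuer URL, client id and token contents are constructed assumptions.

```python
import base64
import json
import time

# Assumed values for this constructed example: the IDP's issuer URL and the
# client_id the relying party registered with that IDP.
EXPECTED_ISSUER = "https://idp.example.com"
CLIENT_ID = "shop-rp-client-id"
CLOCK_SKEW = 60  # seconds of tolerance for clock drift between RP and IDP


def b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment as used in JWTs (padding is omitted)."""
    segment += "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment)


def make_sample_token(claims: dict) -> str:
    """Build a constructed ID token string; the signature segment is a placeholder."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.placeholder-signature"


def decode_payload(id_token: str) -> dict:
    """Extract the JSON claims from the middle segment of a three-part JWT."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("ID token must have three segments")
    return json.loads(b64url_decode(parts[1]))


def validate_claims(claims: dict, expected_nonce: str, now=None) -> list:
    """Return the list of problems found; an empty list means the token is acceptable.

    Signature verification (RS256 against the IDP's JWKS) is assumed to have
    happened already; these are the claim checks that follow it."""
    now = time.time() if now is None else now
    problems = []
    if claims.get("iss") != EXPECTED_ISSUER:
        problems.append("issuer mismatch")
    aud = claims.get("aud")
    aud_list = aud if isinstance(aud, list) else [aud]
    if CLIENT_ID not in aud_list:  # token minted for some other application
        problems.append("audience does not include this relying party")
    if len(aud_list) > 1 and claims.get("azp") != CLIENT_ID:
        problems.append("multiple audiences but azp is not this client")
    if claims.get("exp") is None or now > claims["exp"] + CLOCK_SKEW:
        problems.append("token expired")
    if claims.get("iat") is None or claims["iat"] > now + CLOCK_SKEW:
        problems.append("issued in the future")
    if claims.get("nonce") != expected_nonce:  # binds token to this login attempt
        problems.append("nonce mismatch (possible replay)")
    if not claims.get("sub"):
        problems.append("missing subject")
    return problems
```

The `sub` claim is the stable identifier the shop would key its basket and account data on; it is only meaningful together with the `iss` check, since different IDPs may reuse the same subject strings.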
Where this gets interesting is that with OpenID Connect you can now easily connect to a number of social login providers, including Google, Facebook, LinkedIn, etc., as well as your own IDP.