Authorization through social network profiles. Login using social networks. How does social login work?

For quite some time now, many sites have provided, along with standard authorization, authorization through social networks and web services. You have a choice:

  1. Go through a relatively long registration process - entering your email/password/captcha and activation by email.
  2. Just click on the icon of the social network in which you have an account and confirm access.
Why not abandon the standard registration mechanism altogether? By the way, this is exactly the approach that is implemented in the on(X) web service from Microsoft - authorization only through Facebook.

But not everything is as rosy as it might seem at first glance. Let's highlight the positive and negative aspects of social authorization, taking into account the fact that we are going to completely abandon registration using the email/password combination.

Advantages:

  • Quick authorization on the site.
  • User data from the authorization provider.
  • No passwords.
  • Lack of account activation.
  • The only form is the authorization form.

Flaws:

  • Some authorization providers do not provide email.
  • Different formats for provided user data.
  • Audience preferences.
  • You may forget which service you used for authorization.

The merits of this approach are clear. We are more interested in the shortcomings and ways to solve them.

Flaws

Some authorization providers do not provide email
Yes, the most important information that we need to know about the user may not be available from some providers. In particular, VKontakte and Odnoklassniki do not provide it in the public API. Facebook and Google are more accommodating with email addresses and, given certain permissions, will return this information to you.
Solution:
  1. One of the popular solutions to the problem is to simply ask the user after authorization. This will add additional dialogue and you will have to go through the activation procedure.
  2. Depending on the target audience, refuse authorization providers that do not provide email.
  3. Do not use an email address. Again, you cannot always so easily abandon what is almost the only means of contacting the user. For example, the VKontakte social network uses a mobile phone number for registration. Here you need to think about how the user will restore access to the site if he deletes his account on the social network.
Different formats for provided user data
Sometimes you need to know a little more about a user than just their social network ID. Such data may include: first name, last name, nickname, gender, avatar, date of birth. Since the OAuth and OpenID protocols are not designed to obtain any data about the user, you will have to use the API of each specific service, and the returned data will be different everywhere. In particular, the authorization providers Google, VKontakte, Facebook and Odnoklassniki provide all of the above data. All that remains is to process it.
Solution: if you really need additional data about the user, request it from the authorization service. If you need even more specific data, ask the user to enter it himself after authorization.
Audience Preferences
Well, now we’ve come to the most problematic question - won’t such a refusal of standard registration discourage your target audience? My opinion on this matter is this: even if a person absolutely does not want to log in through social services, but there are no alternatives to your service, he will eventually give up. I personally adhere to this algorithm: if I plan to use a specific service in the future, then I definitely register there using a login and password. If the site does not have such an opportunity, then I will log in through social networks.
Even if the user is not on social networks, he must have an email account with Gmail, Mail.ru or other services. Therefore, the case where the user simply does not have a single account with the provided authorization services is unlikely.
You can forget which service you used for authorization
If your resource allows you to log in through over9000 providers, and the user has at least 2 accounts with these providers, then he may simply forget which specific method he used to log into the site. In case of an error, a useless record of a new registration in the database will be created.
Solution: record the authorization service in cookies and highlight it on the login page. This may pose some kind of security risk, but I can't immediately think of a way to seriously take advantage of it.

Conclusion

The idea of giving up regular registration is very tempting, but it all depends on whether you can get rid of the problems described.

P.S. You can read some statistics from uLogin

Using a social network account VKontakte, Odnoklassniki, Mail.ru, Facebook, Twitter or Google, you can log in to Yandex without registering or entering a password. To do this, just click the logo of your social network on the form:

Example of authorization via Facebook

After clicking on the logo, a new window will open in which the further authorization process on Yandex will take place. After you go through the steps below for the first time, you will be able to log into Yandex with one click on this logo.


The used Facebook account will appear on the page in Yandex.Passport, and the name received from the social network will be displayed on Yandex services.

Questions and answers

Why create a username and password on Yandex?

A Yandex login and password may be required to access some services - for example, to use Mail or Disk.

What should I do if I forgot my social network password and can’t log into Yandex services?

How to tell a Yandex support employee your login

If a Yandex support employee needs your login to solve a problem, and you haven’t created a login yet, just copy the number from the page.



Is authorization via a social network safe?

In addition, at any time you can block Yandex’s access to your profile: just delete it from the page.

Some users regret that no one has yet invented social networks without registration. Such projects would have many advantages, but also a lot of disadvantages. And most importantly, no one would be able to maintain their own page. It is for this reason that no one creates them, but if necessary, you can use them without registering.

You can use any similar networks. Of course, the functionality will be limited, but it’s easy to find a person, check when he was online or watch a video. This does not require programs or browser extensions; open access is provided to everyone.

How to log into VKontakte or Odnoklassniki without registration?

If the main reason for visiting a social network without registering is to search for people, it is much easier to use a special service from Yandex. Follow the link yandex.ru/people and you will be taken to a special search for people. Just enter a first and last name to get the list:

To make the search more accurate, you can enter additional data and select specific social networks. On Odnoklassniki, and in many other social networks, pages are not hidden from unregistered users, so open any profile:

Similarly, you can search in any other social network. When using VKontakte, you don’t have to switch to Yandex.People. There, user search is open to everyone. Enter vk.com/search in the address bar and the page you need will open:

In the main line you can specify your first and last name, and additional data can be entered through the side panel:

Some people have pages hidden from public access, but most often they are public. Therefore, you can easily view photos, videos, wall posts, status and much more.

Odnoklassniki without registration

Just go to this site and on the main page you will see popular posts and videos:

Without registering, you can go to any community and view posts. When you try to write a comment or join a group, you will be taken to a login page.

When visiting social networks without registration, despite the limited functions, you will still be able to view profiles and almost all content. If this is not enough for you, but you do not want to use your profile, then the best option is to create an additional page. Don't have a free phone number? Buy a ready-made account on Buyaccs.com. This online store sells profiles from almost all social networks:

The cost depends on how full the account is and how many friends there are on it. You can pay by any means, from bank cards, electronic money, and even transfer from your phone balance (via Robokassa). By spending a little money, you will get a profile and be able to use social networks without registration.

Sites such as VKontakte, Odnoklassniki, Facebook and Twitter are used for various purposes, but we must not forget that they are all suitable for remote work. Find out and use them by following simple steps, you can easily get a little money to buy accounts for yourself or pay for mobile communications.

In this manual, we will look at how to set up authorization through the following social networks:

If you want to create your own user authentication app, follow the instructions below. When asking for authorization permission, this will allow you to display your logo and site name instead of the default values:

VKontakte

Click on the “Create Application” button. The VKontakte account login page will open:

Come up with a name for the application and click on the “Create” button. On the new page, provide detailed information about the application. It will be displayed when users register (request permissions):

After saving the changes, go to the application settings and copy the “Application ID” and “Secure Key”:

Specify the copied values in the site control panel and click on the “Save” button:

Now return to the application settings on the VKontakte website and fill in the data:

  • "Open API" - enabled;
  • “Site Address” and “Base Domain” - your attached domain.

The application is ready to use. Log in using the VKontakte social network and check how the data specified in the application is displayed.

Facebook

Click on the “Create an application” button and on the page that opens, log in to your personal account on the Facebook social network.

Then click on the “Register” button:

To register, you will need to confirm your account by entering your phone number:

Fill out the application form and click on the “Create application ID” button:

Copy the "Application ID" and "Application Secret". They need to be specified in the site control panel in the “Client ID” and “Client secret” fields, respectively:

From the control panel, copy “Redirect URIs”:

Now on the Facebook developers website, select “Settings” in the left menu and on the page that opens, go to the “Advanced” tab:

On the page, find “Valid OAuth redirect URLs” and paste the URL you obtained earlier into the field:

Yandex

Click on the “Create an application” button and on the page that opens, log in to your Yandex personal account. After authorization, fill out the new application form:

Set the following permissions for the application:

  • Access to date of birth;
  • Access to email address;
  • Access to login, first and last name, gender.

Copy the “Callback URI” from the site control panel, specify it in the “Callback URL” field of the application and click on the “Save” button:

Copy the application ID and password:

Enter this information in the site control panel:

The application is ready to use.

Google+

Click on the “Create an application” button and on the page that opens, log into your personal account of the Google+ social network.

On the page that opens, select “Google+ API”:

To enable the API, you need to create a project. Click on the “Create Project” button:

Fill out the project form, accept the terms of use, then click on the “Create” button:

Now you can enable the API:

And start creating the application:

Creating an application consists of four steps:

1. Select the type of credentials:

2. Create an OAuth 2.0 client ID, specify the domain address and the allowed redirect URI (copied from the control panel):

3. Fill in information about the application - it will be shown to the user during registration:

4. Click “Finish”:

Our application is ready to go. Let's go to its page. To do this, click on “Credentials” in the left column and select an application from the list:

Copy the client ID and secret to enter them in the site control panel:

Twitter

Click on the “Create an application” button and on the page that opens, log in to your personal account on the Twitter social network. To create an application, you will need to enter and confirm your phone number (

There is useful specific information about the technical implementation.

And in short...

For authorization and registration, the same “users” table is used. With normal registration (in its simplest form), the user’s email, password and login are added to the “users” table, and during authorization the entered login and password are checked against those stored in the database. Registration/authorization through social networks uses the table in a similar way. Only in this case, the source of the user's data for registration is not the user entering data into a form, but the social network. Registration in this case is transparent, i.e. not visible to the user. The scheme is approximately as follows (without the peculiarities of the OAuth protocol):


1) The user selects login via a social network.
2) The authorization page of that social network is called, if the person has not yet logged in there. After the data is entered, or if he was already authorized, a request is made for permission to use his data.
3) If the person refuses, then that’s the end. If he agrees, he is redirected to the site page specified in the OAuth settings.
4) Every user of a social network has their own unique identifier that can be requested. In your "users" table you need to add a couple of additional fields (for example, like these): auth_via (enum("native", "vk", "mailru", "...")) - to indicate the type of user registration, and social_id - the unique identifier in the social network will be stored here. If you need to store some specific data of this user from the social network, you can create additional fields for this data.
5) After the user has given permission to use his data, you need to request the necessary data from the social network, including the user ID in that social network. This is where the invisible registration process begins. You need to check whether there is a user with this social_id in the database; if not, then insert the social_id and, if necessary, the user’s data from the social network into the database. That's it, the user is registered.
If there is already data about the user, then you need to request the current data from the social network, compare it with what is in the database and, if it has changed, update it in your database; if not, simply move on to the next step.
6) A session with user data is created.

Thus, the existing table of “native” registration of site users is joined, relatively speaking, by a table with the fields necessary for registration/authorization through social networks, and they do not interfere with each other.

A user registered through a social network naturally has no login and password on the site; those are needed for native authorization. Because this user logs in with the login and password of the social network, there is nothing to store in these fields. And yet, during authorization, you can add a condition to the login and password verification query

"AND `auth_via` = 'native'"

to exclude users registered through social networks.

As you can see, an internal (intrasite, so to speak) primary, auto-incrementing key is created for each user in the table. Accordingly, for the site logic there is no difference between a user registered through a social network and one registered through the website. If we talk about an online store, then to link orders to a user, you can use a single, internal ID.
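
The scheme above as an added sketch in Python with sqlite3 (not code from the original article). The auth_via and social_id columns follow the text; the other columns, the function names and the PBKDF2 password hashing are assumptions. Social accounts are keyed on the (auth_via, social_id) pair, since an ID is unique only within its provider, and the password check only ever sees rows with auth_via = 'native'.

```python
import hashlib, hmac, os, sqlite3

SCHEMA = """
CREATE TABLE users (
    id        INTEGER PRIMARY KEY AUTOINCREMENT,  -- internal key used by all site logic
    auth_via  TEXT NOT NULL CHECK (auth_via IN ('native', 'vk', 'mailru')),
    social_id TEXT,         -- provider-side user ID; NULL for native accounts
    login     TEXT UNIQUE,  -- NULL for social accounts
    salt BLOB, pw_hash BLOB,  -- both NULL for social accounts
    name      TEXT,
    UNIQUE (auth_via, social_id)  -- an ID is unique only within one provider
);
"""

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def open_db():
    db = sqlite3.connect(":memory:", isolation_level=None)  # autocommit
    db.executescript(SCHEMA)
    return db

def register_native(db, login, password, name):
    salt = os.urandom(16)
    cur = db.execute(
        "INSERT INTO users (auth_via, login, salt, pw_hash, name) "
        "VALUES ('native', ?, ?, ?, ?)",
        (login, salt, _hash(password, salt), name))
    return cur.lastrowid

def login_native(db, login, password):
    # Password login never matches rows created through a social network.
    row = db.execute("SELECT id, salt, pw_hash FROM users "
                     "WHERE login = ? AND auth_via = 'native'", (login,)).fetchone()
    ok = row is not None and hmac.compare_digest(row[2], _hash(password, row[1]))
    return row[0] if ok else None

def login_social(db, provider, social_id, name):
    """Step 5: transparent registration on first login, data refresh afterwards."""
    row = db.execute(
        "SELECT id, name FROM users WHERE auth_via = ? AND social_id = ?",
        (provider, str(social_id))).fetchone()
    if row is None:  # first login through this provider: register silently
        cur = db.execute("INSERT INTO users (auth_via, social_id, name) "
                         "VALUES (?, ?, ?)", (provider, str(social_id), name))
        return cur.lastrowid
    if row[1] != name:  # provider data changed since the last login
        db.execute("UPDATE users SET name = ? WHERE id = ?", (name, row[0]))
    return row[0]  # step 6: the caller creates the session for this internal ID
```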