How Does Facebook Log in Option Works?
Facebook Login – There is a protocol called OAuth that helps in the management of users in large websites like Facebook, YouTube, Google, etc. by helping users log into a third-party site with their Google or social account details.
It is safe to log in on apps and third-party websites using your Facebook or Google account. Huge tech companies (e.g., Google, Facebook, etc.) use a standard called OAuth, which allows third-party websites to access and retrieve select pieces of information from these big websites to authenticate users.
Before we delve deeper into this technological mystery of logging in on websites, let’s take a quick look at the technological mechanism.
What is OAuth?
OAuth is a protocol that helps ‘big’ websites (websites that have a very large number of users, such as Google, Facebook, etc.) grant access to its users’ information to third-party websites or applications without sharing the users’ passwords and other private, sensitive details.
In more technical terms, OAuth is an open standard for secure access delegation, which means it is a service that allows web giants like Google or Microsoft to permit its users to share their select pieces of information with third-party websites or applications while protecting the confidential info of users at the same time.
OAuth is generally used by websites or applications like Facebook, Google, Twitter, and Microsoft, all of which have a humongous user database.
How does OAuth work?
This is basically how the OAuth standard works:
Suppose, you (the user) need to sign up/create an account on a third-party website/application (Giftcardgit.com).
First, you click on the “Sign up with Facebook’ button.
It redirects you to Facebook.com and checks whether you are already logged in to Facebook. If you’re not, then it prompts you to enter your username and password to access your account.
Once logged in, it shows you a small dialog box that describes the kind and extent of information that you’ll be sharing with the third-party website. If you are okay with sharing the required info with that third-party website, you press the ‘Continue’ button.
Now, Facebook log redirects you to the concerned third-party website with an authentication code, which is Facebook’s way of telling the website that ‘yes, this person holds a valid account with me’.
The website now shows Facebook the unique code it acquired when it first registered itself with Facebook as a legitimate website/application. Facebook uses that code to verify the identity of the website, and in return, grants an access token to the website.
It is this token that the website uses to gain restricted/limited access to some of your account information, usually consisting of your name, email address, gender and so on.
Over To You
This is, in essence, how OAuth helps big websites like Google or Facebook log grant limited access to users’ select pieces of information to third-party applications.
In a nutshell, OAuth lets you give third-party websites a special key that opens only one door of your house and simultaneously protects the master key (i.e., the username and password of Google/Facebook), which can open all the doors of the house.