Secure OAuth 2.0 Login Support
To further bolster your user management capabilities, Backendless now supports OAuth 2.0 integration for your apps.
With the advancement of user authentication technologies, app users are coming to expect the signup and login process to be as simple as clicking a few buttons. The days of filling out user registration forms are coming to an end.
It is more important than ever to offer secure and reliable third-party registration and login options. Backendless offers many third-party authentication options that are easy to implement and make your user signup process exceedingly simple.
By integrating third-party login options, you allow your users to skip the registration and login processes. Instead of creating a new account with a username/email address/password, the user can instead use their existing credentials from another service.
Despite “skipping” the registration step, you will still receive (with user permission) the user’s email address from the third-party. If a user logs in to your app through a third party without having previously registered with your app, a new user will automatically be created in your database.
Third-Party Login In Backendless
Backendless provides integration with a large and growing number of login providers, including social networks and various cloud/enterprise systems. You can explore all available login providers in your Backendless Console by clicking the Users icon and then the Login Providers section:
Our latest addition is OAuth 2.0, or OAuth2. OAuth 2.0 is a common protocol used by Google and others for user authentication and authorization.
The Backendless OAuth2 Login API helps protect user data during the authentication process when using these providers. The API does so by protecting the final leg of the access token’s journey, described below.
Along with Backendless’ roles-based security, the OAuth 2.0 integration further protects your user data from malicious actors.
The OAuth2 Login API is used to “exchange” the OAuth 2.0 access token (provided by the login provider) with the user in the backend during the login process. A Backendless token is then returned to your client application, enabling the logged-in user’s security roles.
OAuth 2.0 Login Process Flow
When using one of the above a login provider’s SDKs, the login process flow in Backendless follows three steps. Here is the authorization flow:
- User in your client application selects the provider, which directs them (via the SDK) to the provider’s login process.
- User proceeds through the authorization process with the provider. Once the user completes authorization with the provider, the provider will send an access token back to your client application.
- The OAuth2 Login API then sends the access token to the server-side of your application, in Backendless, where it is exchanged for a session token, which is then returned to the frontend.
Step 3, where the OAuth integration takes center stage, is illustrated below:
If the access token belongs to a new user, a user will be created in your database.
Note that, in order to get the full benefit of this feature, you must use the login provider’s SDK. The provider’s SDK will include the login form itself and fully manages the authorization and authentication processes.
You can read the full documentation for Social and OAuth2 Logins here.
OAuth 2.0 For Codeless
OAuth support is also available as a Codeless block in Backendless, both on the backend and in UI Builder. This block can be found in the Backendless (API) section of Codeless, in the Users API group.
Read our full article about how to utilize the OAuth Codeless block here.
OAuth 2.0 support is just one of the powerful new features in this release. You can read our articles about the other new features released below:
Thanks for reading, and Happy Visual App Developing!