
Secure OAuth 2.0 Login Support

June 25, 2021

Login to Backendless with OAuth 2.0

Backendless now supports OAuth 2.0 integration for your apps.

With the advancement of user authentication technologies, app users are coming to expect the signup and login process to be as simple as clicking a few buttons. The days of filling out user registration forms are coming to an end.

It is more important than ever to offer secure and reliable third-party registration and login options. Backendless offers many third-party authentication options that are easy to implement and make your user signup process exceedingly simple.

By integrating third-party login options, you allow your users to skip the registration and login processes. Instead of creating a new account with a username/email address/password, the user can use their existing credentials from another service.

Despite “skipping” the registration step, you will still receive (with user permission) the user’s email address from the third party. If a user logs in to your app through a third party without having previously registered with your app, a new user will automatically be created in your database.

Third-Party Login In Backendless

Backendless provides integration with a large and growing number of login providers, including social networks and various cloud/enterprise systems. You can explore all available login providers in your Backendless Console by clicking the Users icon and then the Login Providers section:

[Screenshot: Login Providers section in Backendless Console]

Our latest addition is OAuth 2.0, or OAuth2. OAuth 2.0 is a common protocol used by Google and others for user authentication and authorization.

The Backendless OAuth2 Login API helps protect user data during the authentication process when using these providers. The API does so by protecting the final leg of the access token’s journey, described below.

Along with Backendless’ roles-based security, the OAuth 2.0 integration further protects your user data from malicious actors.

The OAuth2 Login API is used to “exchange” the OAuth 2.0 access token (provided by the login provider) with the user in the backend during the login process. A Backendless token is then returned to your client application, enabling the logged-in user’s security roles.

OAuth 2.0 Login Process Flow

When using one of the above login providers’ SDKs, the login process flow in Backendless follows three steps. Here is the authorization flow:

  1. User in your client application selects the provider, which directs them (via the SDK) to the provider’s login process.
  2. User proceeds through the authorization process with the provider. Once the user completes authorization with the provider, the provider will send an access token back to your client application.
  3. The OAuth2 Login API then sends the access token to the server-side of your application, in Backendless, where it is exchanged for a session token, which is then returned to the frontend.

Step 3, where the OAuth integration takes center stage, is illustrated below:

[Diagram: step 3 of the OAuth 2.0 login flow]

If the access token belongs to a new user, a user will be created in your database.
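The server side of step 3 can be modeled in a few lines. This is an added example, not Backendless code and not part of the original post: the function names, the in-memory maps, the client ID and the sample tokens are all constructed, and the audience and expiry checks are assumptions about what a backend verifies before it issues a session token.

```javascript
// Added example: in-memory model of step 3. Not Backendless code; all names are hypothetical.
const { randomBytes } = require("node:crypto");

const APP_CLIENT_ID = "my-app-client-id"; // assumed: the ID this app registered with the provider

// Constructed sample data: what the provider would report for each access token.
const PROVIDER_TOKENS = new Map([
  ["tok-alice", { aud: APP_CLIENT_ID, email: "alice@example.com", exp: 4102444800 }],
  ["tok-other-app", { aud: "another-client-id", email: "bob@example.com", exp: 4102444800 }],
  ["tok-expired", { aud: APP_CLIENT_ID, email: "carol@example.com", exp: 1 }],
]);

// Stand-in for a server-to-server call to the provider's token-info endpoint.
function lookupAtProvider(accessToken) {
  return PROVIDER_TOKENS.get(accessToken) || null;
}

const users = new Map();    // email -> user record (the app's user table)
const sessions = new Map(); // session token -> email

// Step 3: exchange a provider access token for a backend session token.
function exchangeAccessToken(accessToken, nowSeconds = Math.floor(Date.now() / 1000)) {
  const info = lookupAtProvider(accessToken);
  if (!info) throw new Error("unknown access token");
  // A token issued to a different application must not log anyone in here.
  if (info.aud !== APP_CLIENT_ID) throw new Error("token issued for another client");
  if (info.exp <= nowSeconds) throw new Error("access token expired");

  // First login through the provider: the user record is created automatically.
  const created = !users.has(info.email);
  if (created) users.set(info.email, { email: info.email });

  // The session token is freshly random and unrelated to the provider's token.
  const sessionToken = randomBytes(32).toString("hex");
  sessions.set(sessionToken, info.email);
  return { sessionToken, created };
}
```

The client only ever holds the session token returned here; the provider's access token is used once, on the server, to establish who the user is.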

Note that, in order to get the full benefit of this feature, you must use the login provider’s SDK. The provider’s SDK includes the login form itself and fully manages the authorization and authentication processes.

You can read the full documentation for Social and OAuth2 Logins here.


OAuth 2.0 support is just one of the powerful new features in this release. You can read our articles about the other new features released below:

  1. Support for the Transaction API in Codeless
  2. Support for Multiple Custom Domains
  3. Deep Save API

Thanks for reading, and Happy Visual App Developing!
