Backendless now supports OAuth 2.0 integration for your apps.
With the advancement of user authentication technologies, app users are coming to expect the signup and login process to be as simple as clicking a few buttons. The days of filling out user registration forms are coming to an end.
It is more important than ever to offer secure and reliable third-party registration and login options. Backendless offers many third-party authentication options that are easy to implement and make your user signup process exceedingly simple.
By integrating third-party login options, you allow your users to skip the registration and login processes. Instead of creating a new account with a username/email address/password, the user can instead use their existing credentials from another service.
Despite “skipping” the registration step, you will still receive (with user permission) the user’s email address from the third-party. If a user logs in to your app through a third party without having previously registered with your app, a new user will automatically be created in your database.
Backendless provides integration with a large and growing number of login providers, including social networks and various cloud/enterprise systems. You can explore all available login providers in your Backendless Console by clicking the Users icon and then the Login Providers section:
Our latest addition is OAuth 2.0, or OAuth2. OAuth 2.0 is a common protocol used by Google and others for user authentication and authorization.
The Backendless OAuth2 Login API helps protect user data during the authentication process when using these providers. The API does so by protecting the final leg of the access token’s journey, described below.
Along with Backendless’ roles-based security, the OAuth 2.0 integration further protects your user data from malicious actors.
The OAuth2 Login API is used to “exchange” the OAuth 2.0 access token (provided by the login provider) with the user in the backend during the login process. A Backendless token is then returned to your client application, enabling the logged-in user’s security roles.
When using one of the above a login provider’s SDKs, the login process flow in Backendless follows three steps. Here is the authorization flow:
Step 3, where the OAuth integration takes center stage, is illustrated below:
If the access token belongs to a new user, a user will be created in your database.
Note that, in order to get the full benefit of this feature, you must use the login provider’s SDK. The provider’s SDK will include the login form itself and fully manages the authorization and authentication processes.
You can read the full documentation for Social and OAuth2 Logins here.
OAuth 2.0 support is just one of the powerful new features in this release. You can read our articles about the other new features released below:
Thanks for reading, and Happy Visual App Developing!