We're trying to get a bunch of apps either up and running and/or working together. For one of them we've set up a CMS to be basically the glue for everything and have been punching in users manually ("registration" is "closed"). Logging into the CMS requires they use their email provider if their email address' domain matches a supported provider, otherwise they have to use Facebook with that email as the account's primary address (Facebook only allows verified emails to authorize apps).
We're finally moving on to integrating commerce, i.e. FoxyCart, which also means opening up registration. So there's a lot of planning (or rather re-visitation of old planning) & development up ahead...
Originally we were thinking once we got around to integrating FoxyCart we'd basically force the user to log in/register, create a customer on FoxyCart's end (via the API?) if need be, then allow them to make purchases.
I was reviewing SSO Best Practices and I agree with the counsel that it's better to remove hurdles.
However, I'm not sure how to go about that given our setup... probably the reason for forcing login/registration is that in FoxyCart's checkout process they'd have to use a password. We're trying to eliminate password entry, not to mention they'd have no idea what the password is in the CMS as it is not used (and depending on the app may not even exist).
I have not yet fiddled with API/DataFeed, and am currently trying to figure out how to tailor FC + our CMS to our needs for immediate development as well as moving forward.
Is there any alternative streamlined checkout process we could provide with our given setup? The way I see it so far is that the alternative to CMS-initiated FC login (forced customer account) would be a guest account... If they check out as a guest with a new email, will that register in both our system via the datafeed as well as FoxyCart as a customer (as in maintain a history... as opposed to being like some standalone transaction...)?
As for if they type in an existing email... for example, since FC automates finding existing customers (which brings up another question... can we make customers without transactions? e.g. with only an email make a new customer in FoxyCart?) via the email field... perhaps instead of the password prompt coming up we could just have a link back to our login/registration process? How then would the cart be maintained? fcsid would be good enough?
Please advise. If I need to elaborate/reiterate to be more clear let me know.
TL;DR - We don't use passwords for our users to log in. What can we do for SSO?