SSO with Social Media Login

awellstnawellstn Member
in General edited February 2013
Does FoxyCart's SSO work if my site only uses social media logins ("Login using Facebook", "Login using Google", etc)? I don't think I need examples at this time, just a simple answer on whether or not it's possible.

Thanks.
Tagged:
Comments
  • fc_adamfc_adam FoxyCart Team
    @awellstn,

    Yes - that should be possible. We have discussed making integrating with those social auth endpoints easier in the future - but if you can validate a user on your site against those endpoints it should be possible to use them for SSO.

    Just worth noting, you'll need to create the corresponding FoxyCart customer account using the API within your SSO endpoint for the first time they check out - so you'd create the customer then. Something to note here though - I'm pretty sure those services wouldn't provide you with the customers password - hashed or not - so you won't be able to sync the customers password between FoxyCart and their social login. That would be one part of the process that would be missing.
  • @fc_adam

    Thanks for the quick reply.

    I don't think I would need a password from the social site. On their first checkout, I could create a FoxyCart customer account with a random, hashed password that is "invisible" to the customer. Then, I could use the transaction datafeed to create an "invisible" user account on my site that is tied to their email from the social site and tied to the FoxyCart customer account. Am I missing any pieces in that scenario?
  • brettbrett FoxyCart Team
    Sounds workable to me as well.
    That said, if FoxyCart added social logins natively, how would you like that to look? Like @fc_adam mentioned, it's definitely something that's come up. Apparently adding social logins can cut _way_ down on fraudulent orders, which is an interesting perk.
  • @brett

    - user clicks “Checkout”;
    - user is taken to checkout page and social logins are an option next to email address
    - user is asked to log in or confirm authorization of social site

    alternatively:

    - user clicks “Checkout using [social] credentials”
    - user is asked to log in or confirm authorization of social site
    - user is taken to checkout page and is already logged in

    I imagine FoxyCart's API being set up to handle all of the OAuth2/OpenID authorizations once the FoxyCart user has entered the social site's API key in the Admin area.

    This is just off the top of my head. If I think of anything else, I'll post here again.
  • brettbrett FoxyCart Team
    Thanks @awellstn. I appreciate those thoughts. I think taking the first approach would probably be easier (throw a little pop up window) so it doesn't clutter the cart itself, but if we can make it flexible that's what we'll go for.

    Could you create a request for Social Logins on our request board? http://requests.foxycart.com/
    It's come up a few times but I just realized nobody's made it official. Once it's there we'll update that request's status with any updates. (To be clear, this isn't the priority right now, but when we get started it'll generate email notifications to everybody that votes for it.)
Sign In or Register to comment.