Technical Notes Of
Ehi Kioya

Technical Notes Of Ehi Kioya

Home » Musings » Dos and Don’ts When Using Oauth for Social Media Access

Dos and Don’ts When Using Oauth for Social Media Access

Last updated on June 9th, 2018 at 08:45 pm by Leave a Comment

OAuth is convenient when you want to allow users to log in to your site, but you don’t have the security know-how to handle the process of transmission and storage. OAuth also makes it convenient for users to log in to your site, and you still get access to social media data. When a social media platform gives you access to an API for web development, you should do data mining responsibly. This article gives developers five dos and don’ts (as per user data) when using OAuth for social media login and access.

Using Oauth for Social Media Access

Keeping your customer data secure is one of the most important yet difficult parts of doing business online. OAuth gives you a way to deal with customer logins without housing any of the critical data when authenticating a user. Have you ever seen the “Log in using Facebook” button some online businesses use for handling user authentication? This button “talks” to another website (specifically, the social media site – Facebook in this case), and it’s this third-party application that verifies the user name and password. The open standard used to authenticate users is OAuth. It’s used by most social media outlets that let you authorize users with an API, but you’re still responsible for using third-party data responsibly.

You can read more about the benefits of using OAuth for login and access here: How OAuth Can Make Your Web App Safer and More Useful

Don’t Annoyingly Post to Users’ Facebook Walls

Have you ever had friends complain that some program is auto-generating Facebook Wall posts? Auto-generating posts about the status of a game or even just random comments to market your app is not only annoying to users but it reduces trust with your customers. Be responsible when having access to your customer’s social media.

Don’t Try to Intercept Data

OAuth handles the messaging between your site and the third-party social media site. You don’t want to phish for information you shouldn’t have access to. For instance, don’t try to intercept a user’s name and password and log it for your own malicious intent. It’s better to have a trustworthy site that customers love than have a short-term malicious site that customers distrust. Any malicious activity can also lead to any access to third-party APIs rescinded.

Do Give Users Multiple Options

Most developers use Facebook’s login API, because it’s assumed that most people have a Facebook account. However, there is always a chance that some of your users don’t use Facebook. OAuth is used by a vast number of social media outlets including Twitter, Reddit, Pinterest, Instagram, Google, LinkedIn and Tumblr. Give your users several options when you use OAuth for logins. Just in case a user doesn’t have Facebook, use one or two other social media platforms for login options.

Do Keep Your Users Data Secure When You Mine Their Data

When a user logs in using social media, the social media site tells the user what access is given to your app. This aligns with social media’s attempt to be open about what type of data is given to a third-party. When the user logs in to social media from your site, you are the third-party. If you abuse access, the user can revoke access at any time.

When you are given access to data, you have the option to privately store that data. Even though social media handles login information, you still need to take the necessary precautions to secure any data you extract from the API and store into your database. If the data is sensitive and could cause identity theft problems for your users, make sure you add encryption to your storage routine.

Do Keep Your Own Privacy Policy

The issues of security and privacy continue to be a hot topic on the Internet. Users want to know what type of data you keep and what you do with that data. Be open and honest about your data mining techniques. Make sure you keep a terms of use and privacy policy on your site, so there is no question of how you store data.

OAuth is convenient for developers. You can let go of any complex login procedures and let the social media API handle it. However, the onus is still on the site developer to keep users’ data safe and use customers’ social media access responsibly.

Found this article valuable? Want to show your appreciation? Here are some options:

  1. Spread the word! Use these buttons to share this link on your favorite social media sites.
  2. Sign up to join my audience and receive email notifications when I publish new content.
  3. Contribute by adding a comment using the comments section below.
  4. Follow me on Twitter, LinkedIn, and Facebook.

About Ehi Kioya

I am a Toronto-based Software Engineer. I run this technology blog, as well as this consumer products shop.

To share your thoughts or get help with any of my posts, please drop a comment at the appropriate link.

You can contact me using the form on this page. I'm also on Twitter, LinkedIn, and Facebook.

Here's my more detailed about page.

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *