3rd party authentication in mobile apps
Authentication via 3rd party SDKs and libraries is quite common in mobile commerce applications. The main reason is to reduce the number of forms and text fields a user has to fill in before finally purchasing an item inside the mobile application.
Statistically, chances are that your mobile application user already has existing accounts on the most popular social network apps, social shopping or eCommerce portals. What many of these 3rd party authentication libraries provide is the possibility for your application user to authenticate with the credentials from that ecosystem and stay logged in for a specific time frame. This whole process is completely hidden from the mobile application it is running in. This way the privacy of the user's credentials is kept secure.
The actual login flow is in most cases handled by 3rd party mobile libraries supplied by the ecosystem itself and is performed either in the app or in an external mobile browser (Facebook, LinkedIn, Twitter and many other popular social destinations provide such libraries). The OAuth authorization framework is both the most popular method for enabling such authentication and a recognized technology standard.
What your mobile application gets back is verified user details (or scope) from the library provider. In most cases it is the registered user name, surname and email, but as we will see later in this review, some libraries provide more information to the application owner (if the user agrees), which can be especially useful for designing checkout flows and creating simple mobile experiences in mobile commerce apps.