Social networking login using iOS

Question

I'm writing an iPhone app which works against my own server.

Basically, it's a forum where users can post. I don't want users to sign-in for an account on my server but I rather prefer them to login using any existing account they have: Facebook, Linkedin, Foursquare, etc. So from the app itself, I want them to be able to login using their existing account which will then allow them to post on the forum.

My question is that: when a user is posting a message, how can I verify whether or not he is logged in with any service? I need to validate it both on the client and server side. I plan on writing the server side using PHP.

Thanks

Answer 1

See this question for a similar discussion (just limited to Facebook sign on). Here's a high-level overview of what should happen (taken from that discussion I linked to):

1. User opens the app on the phone. Chooses a service with which to authenticate.
2. Authenticates via one the available services (Facebook, Twitter, foursquare, etc.) and gets some special access token .
3. Your app takes the token and sends it to your server.
4. Your server receives the token and validates it. It checks it against the service's API and (at least for Facebook and Twitter) get the corresponding user ID.
5. Assuming a valid ID, your server checks if user ID has already been used by some user. If so, it logs them in. If the user ID hasn't been created, your server creates its own user record associated with that user ID and logs the user in. In either case, the user ends up logged in and your server issues a session key to your app.
6. The session key is used for all further communication between your app and your server until the user logs out.

On the phone, you're going to want some OAuth library to allow users to authenticate with another service. You'll probably want to use the Facebook iOS SDK to allow them to use Facebook and use one of the suggested OAuth libraries here for your other authentication services. I have only used the Facebook SDK, so I can't speak as to the general OAuth libraries.

Once logged in, the phone should not store the access token , only the session key .

Assuming that users can use more than one service to access their account, you will also want some way of connecting two services to the same user (probably by email address).

It's up to you to decide how your app and your server communicate. I'd go for a JSON+REST API for communications with the server.

Answer 2

I was exploring if better/easy to use/implement options exist in 2020 using third party libraries to allow login with social accounts. And found two options:

1. AuthorizeMe - https://github.com/rubygarage/authorize-me & https://rubygarage.org/blog/authorizeme-ios-libary
2. Auth0 - https://auth0.com/learn/social-login/ & https://auth0.com/blog/using-centralized-login-to-add-authentication-to-your-ios-apps/

AuthorizeMe supports:

1. Facebook
2. Twitter
3. Google
4. Instagram
5. LinkedIn

plus custom providers

Auth0 supports:

1. Facebook
2. Twitter
3. Google
4. Microsoft (Windows Live)
5. Yahoo
6. Instagram
7. Amazon
8. LinkedIn
9. Github
10. PayPal
11. vKontakte
12. Yandex
13. Box
14. Baidu
15. Ren Ren (Xiaonei)
16. Weibo
17. Shopify
18. Wordpress
19. Yammer
20. SoundCloud

and custom providers as well

Disclaimer: I am not affiliated with Auth0 or AuthorizeMe.

Answer 3

Another option to get your users to login using multiple services is Socialize (www.getsocialize.com). It's an open source SDK that manages your users and authentication so you don't have to implement all the steps that cbrauchli has outlined above.