What Happens When You Log In with Your Facebook or Google Account?

We all have seen the button that says “Login with Google” or “Login with Facebook” and if you are reading this, chances are, you have probably used it too. So, what exactly happens when you use this kind of logins instead of a traditional “sign up for an account and then login” and how does this process actually work! Well, you’ve come to the right place.

Whenever we need a little to do with a website, there’s always a catch. Almost every one of them asks you to log in before they let you use their services. But to log in, you need to have an account first and if you don’t have an account with them already, then you need to create one. But you probably don’t want to create yet another account, if you are like the majority of us. I mean, how many accounts credentials should a person remember! We have important things to remember, like the birthday of your significant other. You don’t want to forget that while trying to remember all these different accounts credentials. That’s where these login options with your Google or Facebook account comes to rescue.

Almost every third party websites you would probably use in your life or have been using has such login options. So, you can just login using your Google or Facebook account without any hassle of remembering new passwords or the hassles of creating a new account from scratch. Now that we know why these login options are there, let’s see what happens when we do that.

How These Kinds of Logins Work

The reason why every websites want us to create an account is because they want to know who their users are. To verify users they need information about theirs users. That’s why each sign up form has fields like your name, gender, age, email, country etc. So, either you create an account from scratch or use login options as we’ve discussed. If you create an account from scratch, they get the information from the form that you need to fill up. But if you use login options, then they will get these information from the account you've used(Google or Facebook) to login to their website.

Every big player like Google, Facebook, even Apple has this feature to let their users login using their account. They use an authentication protocol called OAuth, more specifically OAuth 2.0 currently for this purpose. So using this protocol, the third party websites ask for information about you to Google, Facebook or Apple whichever you choose as to login.

For example, let’s say you want to sign in to Unsplash using your Facebook account. First you click on where it says “Login with Facebook” as in the image below.

Then it will redirect you to Facebook. It will then ask you to log in to your Facebook account if you are not already logged in as in the following image.

But if you are already logged in, then it will ask you to continue with your Facebook account as in this next image.

Now if you continue, then it will redirect you from Facebook to Unsplash and you will be logged in to Unsplash with your Facebook account.

So while all this is going on, what exactly happens is Unsplash asks for an authentication code to Facebook, in reply to which Facebook gives one to Unsplash if you continue with Facebook. What this authentication code basically tells Unsplash is that, “yes, this is a valid user of Facebook.” Then Unsplash uses that code to gain some limited information about you from Facebook, of course, to which you’ve already agreed to while continuing with Facebook.

That’s it, you are logged in with your Facebook account. This is pretty much same for login with Google or Apple as well. Now if you are wondering what information does Unsplash get from Facebook, well, that’s what we are going to discuss next.

What Information the Third Party Website Gets

Normally these third party websites only get some basic information like your name, profile picture, birth date, email etc. But you still need to be a little careful because there are different kinds of access requests from these websites. Some only want to view your public profile which is fine in my opinion, but some might ask for permissions like edit and manage your Google or Facebook account. If you grant such access to these websites, they can make changes to your Google or Facebook account. You can use the following links to see what information you may share and how to remove access once you are done with a third party website.

For Apple

For Google

For Facebook

We all know Apple seems to have more security towards their customer privacy, so it’s always better to go with it.

Therefore if you have an Apple Id, I’d suggest to use it for this kind of logins. But if you want the most convenience, then Google is probably the way to go.

Main Takeaways

While it is a very useful feature to log in and out of third party websites for services we need, it is crucial that you be aware of what you are sharing with them. Here are few points to remember for such logins.

Only use such logins, if you trust the website.

Be aware of what you are granting access to. You can edit these in most cases.

Turn on your 2-Step verification for your Google, Facebook or Apple accounts.

If you no longer require the service of a website, then make sure to remove its access from your account(Google, Facebook or Apple). You can easily do this by going into the settings page of your account.

...

This story was originally published here on Medium.