Authentication in modern applications is more than just an end user coming up with a username/password pair and the password being hashed before being stored in the DB. In fact, most users don’t really even like the idea of having something else to either remember or store in their password manager. The growing majority prefers to use their accounts on internet staples like Google, GitHub, Meta (FB), Twitter, Web3, etc., as a means of authentication. This can be simply described as SSO.

What Is SSO

SSO, or Single Sign-On, is the method of using a singular account to authenticate access to multiple websites and applications. For example, think of the option of signing up or logging in with your Google account. In essence, you’re using your Google account as the authentication layer. So if you’re able to log into your Google account, that verifies who you are and allows another site to use that information to access their platform.

From a nontechnical perspective, think of credit cards. To better clarify, let’s look at the AMEX Platinum Card. Ignoring the high annual membership fee, once you are a cardholder, you have access to other members-only platforms/situations as well as Avis (rental car company) Preferred access.

How SSO Works

Understanding the technical implementation of SSO seems tough, but it’s pretty easy to grasp. Simply put:

  • The user logs into another site like Google or Meta (FB)
  • On successful login, the app or website they were originally on is notified with response data
  • From that data, depending on what you request, you get access to information from said account
    • If you’re creating a new account, said data can be used to create an account on the new platform
    • If you’re logging into a site where there is already an account, the account verification done allows access
  • A token, set to expire, is returned as well so user information can be accessed later on if needed

Seems pretty straightforward, right?! That’s a good thing because realistically it is.
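
The steps above, seen from the app's side, as an added example that is not code from the original post or from any provider. It assumes an HMAC-signed token with a shared secret as a simplified stand-in for a real provider's signed response; `ISSUER`, `CLIENT_ID`, `issue_token`, `verify_token` and `handle_callback` are hypothetical names, and the sample values are constructed.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-shared-secret"   # assumption: key shared with the provider
CLIENT_ID = "example-app"               # assumption: this app's id at the provider
ISSUER = "https://idp.example"          # assumption: placeholder provider
users = {}                              # (issuer, subject) -> local account

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()

def issue_token(sub, email, now, ttl=300, aud=CLIENT_ID):
    """Provider side (simulated): sign claims that expire after ttl seconds."""
    body = _b64(json.dumps({"iss": ISSUER, "aud": aud, "sub": sub,
                            "email": email, "exp": now + ttl}).encode())
    sig = _b64(hmac.new(SECRET, body.encode(), hashlib.sha256).digest())
    return f"{body}.{sig}"

def verify_token(token, now):
    """App side: check signature, issuer, audience and expiry; return claims."""
    body, _, sig = token.partition(".")
    expected = _b64(hmac.new(SECRET, body.encode(), hashlib.sha256).digest())
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        raise ValueError("bad signature")
    claims = json.loads(base64.urlsafe_b64decode(body))
    if claims["iss"] != ISSUER or claims["aud"] != CLIENT_ID:
        raise ValueError("token was not issued for this app")
    if now >= claims["exp"]:
        raise ValueError("token expired")
    return claims

def handle_callback(token, state, session_state, now=None):
    """Return ('created' | 'logged_in', account) for a verified provider response."""
    if not hmac.compare_digest(state.encode(), session_state.encode()):
        raise ValueError("state mismatch")       # response not tied to this session
    claims = verify_token(token, time.time() if now is None else now)
    key = (claims["iss"], claims["sub"])         # stable id, not the email address
    if key in users:
        return "logged_in", users[key]           # existing account: allow access
    users[key] = {"email": claims["email"]}      # new account from provider data
    return "created", users[key]
```

The account is keyed on the provider and its subject identifier rather than the email address, so a changed or reused email at the provider does not map onto someone else's local account.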

Tools For SSO

For the most part, the providers you want to integrate with have their own API suites and protocols to do this. However, there are solid third-party solutions that make implementing easy as well. Both are available for backend and frontend implementation. Here are a few:

In Closing

SSO is a standard in authentication and has been for a while now. Having any type of platform today where users can’t use this method to handle authentication, unless it is banking or a similar level of service that needs accurate identity verification, is simply bad UX. Take the time to get a grasp of it, and take it into building your next great platform.