User Registration in API Portal with Social Login
 
By default, API Portal asks new users to register by providing a valid email address and a password. Upon approval, the user logs in to the portal using the email address and password. But you can also enable users to access the portal through a social login. Giving users access with their existing Google or Facebook account means they do not have to register or remember another set of credentials—they simply log in to the portal using their social account. API Portal authenticates a user by accessing their social account.
Social login is a form of single sign-on using existing login information from a social network to sign in to a third-party application. Before an application can access private data of a social media user, it must obtain an access token that grants access to the OAuth provider API.
Social login works with all API Portal registration approval processes. After being approved or clicking on an email confirmation link, users can access the portal. Users who are rejected or who do not have a valid email confirmation are denied access.
When you allow social login to API Portal:
* At the user’s first login, API Portal stores the user’s social login information, if authorized by the user.
* Users who access the portal with their social account cannot change their user profile information or password from the API Portal Profiles link. All user profile fields, with the exception of the Language field, are read-only, and there is no password change link. Instead, users need to go to their social account and make changes there.
* Users can delete their API Portal account from the API Portal Profiles link.
* Dashboards in API Portal can capture and track which social app users access the portal with.
After access with a social account is configured, valid users see a login dialog where they can sign in to API Portal with their social account credentials if they are not already logged in to their social account.
What is OAuth?
OAuth is a standard for authorization that enables client applications to securely access resources on behalf of a resource owner. OAuth specifies processes that allow resource owners to authorize third parties to access their resources without having to share credentials. OAuth allows an authorization server to issue access tokens to third-party clients with the approval of a resource owner or end user. The client can then use the access token to access protected resources offered by the server. OAuth is most commonly used to allow users to log in to a web site using their Google, Facebook, Twitter, or any other social media account, without worrying about their credentials being compromised.
There are several ways to request an access token from the provider. The process used by API Portal is described below.
1. The user clicks the Sign in with social_network link on the API Portal login screen.
2. The application creates an authorization URL for the requested provider and redirects the user to that URL.
3. If the user is already logged in to the social network, he is redirected back to the API Portal landing page and is logged in there, subject to the approval process defined.
4. If the user is not already logged in, he is offered the possibility to log in at the OAuth provider. After logging in, the user is prompted to grant the permissions requested by API Portal. This process is called user consent. If the user gives consent, the OAuth provider redirects the user back to API Portal including a temporary code. If the user does not give consent, the OAuth provider returns an error.
5. After API Portal obtains an access token, it uses the permitted API to determine the identity of the user, creates a user account in the UMC, and finally logs in the user.
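Steps 2 and 4 above, sketched as an added example that is not API Portal's own code: the client builds the authorization URL, then checks the redirect back before accepting the temporary code. The endpoint, client ID, redirect URI, scope, function names, and the use of the standard OAuth 2.0 `state` parameter to tie the callback to the user's session are assumptions, not settings taken from this page.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed placeholder values (assumptions), not API Portal configuration.
AUTHORIZE_ENDPOINT = "https://provider.example/oauth2/authorize"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "https://portal.example/callback"


def build_authorization_url(session):
    """Step 2: create the provider URL and bind the request to this session."""
    state = secrets.token_urlsafe(32)  # unguessable, URL-safe value
    session["oauth_state"] = state
    query = urlencode({
        "response_type": "code",       # ask for a temporary code
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid email",       # constructed example scope
        "state": state,
    })
    return f"{AUTHORIZE_ENDPOINT}?{query}"


def handle_callback(session, callback_url):
    """Step 4: validate the redirect back and return the temporary code."""
    params = parse_qs(urlsplit(callback_url).query)
    expected = session.pop("oauth_state", None)  # single use: a replay fails
    returned = params.get("state", [""])[0]
    # Constant-time comparison on bytes; reject callbacks this session never started.
    if not expected or not hmac.compare_digest(expected.encode(), returned.encode()):
        raise PermissionError("state mismatch: callback not tied to this session")
    # Consent refused or another provider-side failure.
    if "error" in params:
        raise PermissionError(f"provider returned error: {params['error'][0]}")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one code parameter")
    return codes[0]
```

The returned code is what the client then presents to the provider to obtain the access token used in step 5.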