User authentication

Simple account maintenance for MVP?

Tommy Schmitz Founder at FanMob

August 15th, 2013

We are building a prototype for a social app analogous to instagram.  We want users to create "handles" for commenting/discussions.  Looking at using "connect w facebook" or "connect w twitter" for the MVP build.  Does anyone have experience using either?  Pros/Cons?  Eg, Facebook doesn't import a "handle" ... or what happens if they change their twitter handle after signing up for our service.  Any thoughts are appreciated!

Oleg Baranovsky CTO at Elluma Discovery, Inc.

August 15th, 2013

I would also chime in here, always give your users some sort of alternative registration procedure as there are a sizable groups of users who would not want to have their Facebook account tied to your app. Also, once created an account via Facebook or Twitter login, they should be able to log in to it directly, bypassing FB/Twitter. 

IMHO, FB is much better as authentication provider since 1) it is much more popular among both developers and users, so much more users have it on their cellphones, and 2) it gives you more information on the user, most importantly their email address.

As a number of people above mentioned already, both authentication services will give you a numeric users ID that is not changing, so all your accounts would be tied to that user ID. Usually you would use their email address (that you get from FB) as a secondary user ID if you want to offer users ability to log in directly with an email and password.

Depending on the nature of your application you can also create user 'handle' similar to Twitter (makes sense, since it is similar to Instagram). You can decide than what happens if users change their Twitter handle -- you can detect that change and offer them to change it in your app as well or just keep it the same, so your user would drive the decision here. You will still need your own numeric users ID internally for your system as well, to make sure you do not have to revamp all your database records pertinent to that users internally should they decide to change their handle. If you are familiar with the database architecture, that would be a primary key in your users DB table.

Jonathan Vanasco

August 15th, 2013

twitter auths you to the user's numeric id; all their posts and data are tied to that id as well.  the handle is secondary data.

connect w/facebook allows you to require an email address - and giving you a communication channel with the user.

connect w/twitter only gives you authentication.

Michael Brill Technology startup exec focused on AI-driven products

August 15th, 2013

facebook will give you a user id that won't change, even if user's name changes. whether you use twitter or facebook is somewhat a function of your app and what's most natural... but I'd say facebook is 10X more popular than twitter for authentication.

Jonathan Vanasco

August 15th, 2013

just to add - much like twitter facebook also gives you an unchanging numeric id and a changeable name. 

twitter auth is good if you're doing heavy twitter promotion, but facebook's auth is more advantageous (you can message them) and they have a larger user base.

George Song UX Designer and Web App Developer

August 15th, 2013

The user in your system will be tied to a token that's issued by FB or Twitter, so it doesn't really matter how they change their profile information on either service. As long as they login with the same account at either service, your app will be authorized and tied to their FB or Twitter account. Depending on the framework you're using, it's probably trivial to implement one or the other (or both). Choosing one over the other largely depends on your target audience or if there's specific information you would rather get from FB or Twitter (the social graph, for example). -- George

Cheryl Tom CEO, Founder at Vain Pursuits

August 15th, 2013

Make sure to be aware of the TOS attached to using FB/Twit authentication. Particularly in the case where the user disconnects from FB or Twit and how that affects any data you may have obtained from those services. The TOSs change frequently - it's a job to stay informed and to make sure your app doesn't get screwed in the process. Own your data! There are workarounds depending in your app workflow such that you can use 3rd party authentication and still be safe. 

Paul Travis Multifaceted Online Executor: Product Marketing to Program Mgmt. to Business Development

August 15th, 2013

I participated in a hackathon this past weekend sponsored by PayPal and had never thought about it, but they say you can use PayPal for authentication -- wonder whether their base is bigger than FB.

Jonathan Vanasco

August 15th, 2013

PayPal logins have a short timeout. When i have logged in, it also takes a few seconds for their internal auth systems to get me the 'home' screen. Even if their userbase was substantially larger, you'd have to weigh the frictionless Facebook auth against paypals likelihood to require login.