Integrity
All users must have an account with the
IdP (currently Facebook)
Why using an IdP?
The primary reason is to prevent users from appearing multiple times.
- Facebook "maintain" their registers to prevent fake accounts (users with multiple accounts)
Other reasons are:
- Facebook have more security features (using multifactor authentication etc).
- Furthermore, the end-user will have fewer passwords to remember. 😃
What data is taken from the IdP?
The
public profile from Facebook. From the "public profile" the
name and
image are used as default values. (The name/image that is displayed to other users can be changed, see below)
The
Email: from Facebook. This email is
NOT shown to the public. It is only used as an alternative login in case the site changes IdP. (You can however still show "displayed" emails to the public, see below)
What data is shared with the IdP?
No data is shared with any third party.
"displayed name", "displayed image" and "displayed email"
The displayed name / image can be changed under: (app).locatabl.com>"âš™">"User settings".
You can enter separate emails (that IS shown to the public unlike the one fetched from the IdP) ...
- ... when you appear as a customer: (app).locatabl.com>"âš™">"(Customer) settings"
- ... when you appear as a seller: (app).locatabl.com>"âš™">"(Seller) settings".
Considered alternative IdPs
Here is a
some other ID-providers that are considered.