SAN FRANCISCO — As we predicted, Facebook is switching to an open standard to handle user authentication across its entire platform of connected websites and applications.
Facebook is ditching its proprietary Facebook Connect system, which lets people use their Facebook username and password to log in to other sites around the web. In its place, the company will implement OAuth 2.0, an open source (and soon to be IETF standard) protocol for user authentication.
Viewed along side the barrage of other major announcements unleashed by Facebook at its F8 developer conference here on Wednesday, the move may only seem like a minor data point. But it is one with the potential to make a broad and deeply significant impact on the social web.
Right now, users expect three choices for logging in to a site with an existing ID: Facebook Connect, Twitter or OpenID. That forces publishers to implement three separate systems — one for OpenID, one for Twitter, which uses OAuth, and one for Facebook, which uses Facebook Connect. But once OAuth 2.0 is up to speed and more sites move over to it, things get simpler for site owners.
Where there used to be three options — Facebook Connect, OAuth and OpenID — there will now only be two. And the two that are left are both open source.
There are still details involving token management, auto-registration and other bits of complex backend plumbing to be sorted out, that Wednesday’s events don’t change.
But the move towards OAuth is a step towards interoperability the social web sorely needs. Most importantly, it will be easier to build pathways connecting OAuth and OpenID, since both are fully transparent, open standards and the proprietary Facebook Connect system has been removed from the equation. The switch paves the way for further integrations between existing technologies.
Continue Reading “Facebook Adopts Open Standard for User Logins” »