By Marla Hay | Posted on January 20, 2015
Social login allows people to sign in to your app quickly without the hassle of remembering another username and password. It has the added (and awesome) benefit of providing you with demographic and psychographic data about your users, so that you can personalize their experiences with your brand and ultimately, drive and deepen engagement. As we always advise our clients, the best practice for requesting customer data is to only ask for information that makes sense to the customer and that you intend to use to improve their experience. We want to make sure clients using Facebook for social login understand how their social login applications, and as a result, their sites’ user experience, might change with Facebook’s upcoming v2 API migration.
Facebook’s new API includes some changes that reinforce best practices, ensuring that social login continues to be a positive and valuable experience for both end users and app owners.
First, Facebook’s v2 API has added a login review process for any data collected beyond the data typically needed by an application. Facebook allows you to request public profile information, friend list, and verified email address without a review. In order for your app to access any additional data or to publish content to Facebook on their behalf, you will need to submit for review.
Facebook uses the criteria of visibility and utility when considering whether to grant an application access to request additional data. This means the data must be tied to a direct use, and that use must clearly improve the app experience. An example of providing visible utility would be a news site using “current_city” to customize the front page of their site to show news that’s local to the customer.
To see what data you are currently requesting that may be subject to Facebook’s login review, you can compare the Facebook social login configuration in your Janrain dashboard with the table in our support announcement from May of last year. If you are requesting data that requires review, you can follow the steps in Facebook’s Login Review Guidelines to prepare and submit your application.
The second change in v2 is that your app’s users will now have the ability to choose whether they want to grant access to information beyond basic profile data. In the Facebook v1 API, if a user was uncomfortable with the amount or type of data requested by an application, their only recourse was to decline to sign in with that application. Now, the user has the ability to opt out of sharing data beyond the basic profile. Basic profile data includes user name, display name, first and last name, profile picture, age range, gender, and Facebook-specific identifiers and URLs.
If your Facebook application was created after April 30th, 2014, you are already using the Facebook v2 API. If your Facebook application was created before April 30th, 2014, we will be migrating your application to the new Facebook v2 API on March 4th, 2015, a few months ahead of the forced Facebook migration date of April 30th, 2015.
So, what do you need to do to prepare?
If your Facebook application was created after April 30th, 2014, there’s great news—you don’t have to do a single thing.
We’ll continue to send reminder emails to clients over the next few weeks, but be sure to mark your calendar for the March 4 migration date. We want to help make this as easy a process as possible, so please don’t hesitate to contact support with any questions that come up along the way.
How to tell if your identity management is ready for the new data protection regulations…
We just released the latest member of the Janrain product family: Janrain Advanced Policy Manager…
Janrain Information Security Manager, Lisa Nicholson, shares her thoughts on why CSA Level 2 and…