You have almost certainly seen and used a social login, commonly known as “sign in with”, many times on many websites. Wikipedia describes it as:
Social login, also known as social sign-in, is a form of single sign-on using existing information from a social networking service such as Facebook, Twitter or Google+, to sign into a third party website instead of creating a new login account specifically for that website. It is designed to simplify logins for end users as well as provide more and more reliable demographic information to web developers.
Social login is often considered a gateway to many of the recent trends in social software and social commerce because it can be used as a mechanism for both authentication and authorization.
Here I don’t want to tell you why this exists, how to use it, or even how to implement it on your own website. There are many places out there that will give you very good insight into this kind of authentication. Just give it a try and search for “what is social login” on a very well-known search site.
What I would like to talk about is the responsibility you have when using this kind of sign-up at any website that provides a social login. TweetEraser, for example, uses a social login (“Sign in with Twitter”) so that you can use its functionality and clean up your timeline. But what does this mean?
Well, when you created your Twitter account you had to set up your login name and password. With these credentials you can log in to Twitter any time you want. Using the social login at TweetEraser means that TweetEraser doesn’t need your original username and/or password. Instead, TweetEraser asks you, via the Twitter login form, for your permission to use parts of your Twitter account. You grant these permissions by logging in. After that, TweetEraser and Twitter communicate with each other in the background. Twitter makes sure that TweetEraser gets only those permissions to your account that you allowed while logging in at Twitter.
This background communication uses a so-called access token, completely independent of your original Twitter credentials, and it continues until you revoke the permission you once gave.
I am asking you people: why are so many of you out there complaining about a missing sign-out option at TweetEraser? And not only there. In the meantime I have heard from many other website owners who got the same complaints about missing sign-out options.
We got statements like “very user unfriendly” or “where the f*** I can logout”, just to name a few of them. Why do you people not think about YOUR OWN RESPONSIBILITY? You gave a 3rd party application, like TweetEraser, the permission to use at least parts of your social media account. So you are in charge: you can revoke the access you once gave at any time you want. In the case of Twitter you can do that here. Other social media networks have similar options for revoking access. At Twitter, just search there for “TweetEraser” and click the button called “Revoke access”. DONE.
Of course you’ll say: “Yeah, that’s nice. But what about the data you saved on your system to be able to use those parts of my social media account?” And you are right. I can’t speak for other providers of 3rd party applications. But at TweetEraser we do it this way:
On your first sign-in-with we have to use the above-mentioned access token to communicate with Twitter. From there we get your account details like screen name, avatar, location and so on, but NOT your email address. The next step is to download your most recent tweets (max. 3200). We also save the current access token temporarily in the database. That’s it.
Once your current session at TweetEraser has expired, we automatically remove your current access token from the database. To clear your session, simply close your browser or the single tab in which you are running TweetEraser. So neither a logout action nor a sign-out action is necessary. If you don’t sign in again with your Twitter account within the next 10 days, all other data (account information and downloaded tweets) will be deleted automatically. To be honest, this applies only to the “Free Eraser” plan. For all paid plans we keep at least the Twitter account information.
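The retention rules described above, written as a periodic clean-up job. This is an added example and not TweetEraser's code: the schema, the table and column names and the 'free'/'paid' labels are assumptions, and paid-plan data is assumed to stay untouched apart from the token.

```python
import sqlite3

DAY = 86400
RETENTION_SECONDS = 10 * DAY  # the 10-day window stated in the post

SCHEMA = """
CREATE TABLE users (
    id INTEGER PRIMARY KEY,
    plan TEXT NOT NULL,               -- 'free' or 'paid' (assumed labels)
    screen_name TEXT,
    access_token TEXT,                -- NULL once the session has expired
    session_expires INTEGER NOT NULL, -- Unix seconds
    last_sign_in INTEGER NOT NULL     -- Unix seconds
);
CREATE TABLE tweets (user_id INTEGER NOT NULL, body TEXT);
"""

def sweep(db, now):
    """Apply the retention rules once; return counts of what was removed."""
    cutoff = now - RETENTION_SECONDS
    stale_free = "SELECT id FROM users WHERE plan = 'free' AND last_sign_in < ?"
    with db:  # one transaction: either every rule applies or none does
        # Rule 1: an expired session means the stored token goes, on any plan.
        tokens = db.execute(
            "UPDATE users SET access_token = NULL "
            "WHERE access_token IS NOT NULL AND session_expires <= ?", (now,)
        ).rowcount
        # Rule 2: free accounts idle for over 10 days lose tweets, then the account row.
        tweets = db.execute(f"DELETE FROM tweets WHERE user_id IN ({stale_free})", (cutoff,)).rowcount
        accounts = db.execute(f"DELETE FROM users WHERE id IN ({stale_free})", (cutoff,)).rowcount
    return {"tokens_cleared": tokens, "tweets_deleted": tweets, "accounts_deleted": accounts}

def demo():
    """Run one sweep over constructed sample rows."""
    now = 1_700_000_000
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO users VALUES (?,?,?,?,?,?)", [
        (1, "free", "active_free", "tok-1", now + 600, now - DAY),          # live session
        (2, "free", "idle_free", "tok-2", now - 11 * DAY, now - 11 * DAY),  # expired and idle
        (3, "paid", "idle_paid", "tok-3", now - 30 * DAY, now - 30 * DAY),  # expired, but paid
    ])
    db.executemany("INSERT INTO tweets VALUES (?,?)", [(1, "a"), (2, "b"), (2, "c"), (3, "d")])
    result = sweep(db, now)
    remaining = db.execute("SELECT id, access_token FROM users ORDER BY id").fetchall()
    return result, remaining

if __name__ == "__main__":
    print(demo())
```

Deleting the stored token on the service side does not invalidate it at Twitter; revoking access in the Twitter settings is still the only step that ends the grant itself.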
And the rest is up to you. If you never want to use TweetEraser again, just do not sign up again. If you want to make sure that there will be no communication between TweetEraser and your Twitter account, just revoke the access. TAKE YOUR RESPONSIBILITY!