OAuth2 is a simple and reliable SSO protocol and what’s great is that it’s implemented by at least few well-known services, like Google, Microsoft or Facebook. I’ve decided to follow the specification and implement SSO gateways for these three.
Google – no issues, works like a charm.
Microsoft – the same.
Facebook – since don’t use Facebook, I’ve expected to get into issues. First, to register the application in Facebook you need their account. So I create one, something like “Test Developer” with one of my emails. I confirm the email by clicking their link and I am there, Facebook welcome.
So I go to the developer section and try to register the application. Facebook says that “there is a chance that this is not a legitimate account, you need to provide the phone number so that we can SMS you and verify the account. Note that the phone number will not be available for registration with other Facebook accounts”. Well, I am not going to spent one of my phone numbers on test account. I give up and decide to register a new, legitimate account.
Once again, I create an account, this time with all valid information. I confirm my email address and again I go to the developer section. The same story, “this is probably not a legitimate account […]” so I enter my phone number.
Great, they send me the SMS message, I input the number from text message and submit the page.
“We still don’t believe that this is a legitimate account. To prove it, please scan your personal ID card of your country so that first name, last name and birth date are clearly visible and submit the image here”.
Well, I find the option to delete the account, I answer the question and my account is deleted.
I get an email which says that “thank you, your account has been locked, if you ever decide to come back, please login again with your username and password”.