: Asking for user's 3rd party username/password like Facebook's Find Friends feature Preface Facebook and other sites have features where they ask users for their credentials for 3rd party web sites
Preface
Facebook and other sites have features where they ask users for their credentials for 3rd party web sites (see image below). Presumably, facebook then uses the credentials to login as the user and harvest their email contacts to match against facebook's user database.
Questions
Does anyone know that kind of permission is required from a 3rd party website to login on behalf of one of their users? Or is no permission required?
I suppose it is analogous to giving an apartment key to your pet sitter. The only thing that would stop the pet sitter from entering your apartment is if the complex's TOS explicitly state that no one may unlock the door of an apartment that they do not own. But would those TOS apply to the pet sitter? Or would they only apply to renters who enter into a service agreement with the complex?
More posts by @Connie744
1 Comments
Sorted by latest first Latest Oldest Best
Relaying credentials in this manner is purely a matter of trust. Notice the text "Facebook won't store your password." - the user has to take their word for that, as anything transmitted to the server could easily be stored by it. However, this statement in itself could be taken as TOS, since it is an explicit promise to the user.
The TOS of the service to which authentication is relayed will tell you whether it is allowed. Most (free) services have no restrictions on third parties authenticating on your behalf, nor require any special permissions. It is generally up to the user to decide what to do with their account information. Some services (e.g. Google) give more control over these decisions with features like two-factor authentication and application-specific passwords.
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.