Using LDS Account to authenticate users in third party app

[neptunecentury]

With the roll out of tithing on-line, the ante has been upped on what the account can access. If anyone thinks I'd be willing to type a LDS Account login into a non-church owned site, they are sadly mistaken

I can understand that, but ultimately, security is the responsibility of the Church. Signing in with an LDS Account is only a means to authenticate, and yes, access certain information, but the account info is never actually typed in the non-church-owned site. It would be typed in a secure popup or other page just like facebook or google.

To allow such a thing, the Church would have to ensure that only public and non-critical data be accessible, and then, only with permission from the user. In other words, if the LDS Account could be used like OAuth, then any app that uses it to identify a user, would never have access to tithing info or anything like that.

But nothing is ever perfectly secure, so I can understand why this is not available. But it would be nice

[gregwanderson]

Having any third-party website utilize the official LDS Account log-in would confuse a lot of users into thinking that the third-party website is fully endorsed, created by and/or maintained by the church. That would be quite a coup for a developer wanting to make a profit from user participation. And it would also set a dangerous precedent, as users would start to trust third-part websites with their LDS Account log-in. Almost overnight, I would expect lots of scammers to create other trustworthy-looking websites and have a field day with the LDS Accounts of church members, from the rank-and-file to Bishops, people applying to become full-time missionaries, etc.. And, since the long-range goal is to put all of the local MLS functions onto the web, I can only imagine how much damage a hacker could do with the electronic "keys to the kingdom." There must be hundreds of other risks that I'm just not evil enough to imagine.

In short. Huge can of worms that, I predict, can never be opened.

Hi,
I'm developing an app/website that requires authentication for local church leaders. I would really rather not force members to have to create an account through my own application, but would like to have members authenticate through an already existing LDS Account.

I don't mean to sound harsh but I don't know why you have earned the privilege of offering that convenience. If your app/website is worth using then people won't mind creating a new account to log in and use it. I have to create a bunch of accounts to shop online, pay bills, check the kids' grades, etc. (and I have to use a different account for each online store I use). If it's something I want to do then having a secure, unique account isn't too much to ask me to do.

[sbradshaw]

There must be hundreds of other risks that I'm just not evil enough to imagine.

Church employees use their LDS Accounts on Church websites to access resources as well, including their pay statements, for example.

[johnshaw]

If you're going to use an oath, offer Google, Yahoo or Facebook --> just as convenient and delineates the different between your app and an official church app.

We will continue to see this as the Church is not focused on provided some much-needed, critical, daily tools that many members use, and there are always conveniences. Since mission days, most male leaders in the church (while always professing that it's always about people) will want to see numbers, progress, etc.. it is a natural human thing to want to 'guage' how a particular aspect of the gospel is doing in your stewardship.

I just recently had to tell a member of our Stake Presidency that the app being developed by someone in our stake to track temple name submission, # of ordinances performed, when members attended, etc... was out-of-compliance. I haven't heard back yet, but I'm sure in the near future, we'll see this newly developed app for our stake rolled out. I didn't even go into my larger concerns of 'tracking' members participation and the implications it has....

[neptunecentury]

Ok, I do understand the concerns people have, and the confusion it may cause, and for that, I am going to let this idea die (for now)
However, I do want to clear up a few misconceptions with using an LDS Account to authenticate.

IF it were to be offered, it would/should work just like OAUTH:
First of all, the user credentials are NEVER typed into my application. They are entered into a church owned and operated page over an encrypted HTTPS connection.

Then, the API sends me confirmation that the user was authenticated, and some basic claims information, such as their Name, their email (if permission is granted to view email), etc...

I then store that basic info in my database, so I know who they are when they log in again. etc...

So, in reality, their isn't much a third-party developer can do with it. Its just a means to authenticate someone. It doesn't have to grant privileges to see their tithing records, or allow people to apply for missions Remember, its just authenticating a user.

BUT

Just like anyting else, there is the potential for trickery. So the user has to make sure that the popup they are entering their credentials in has "https://account.lds.org" in the address bar, and not "http://scammer.site.com". This is obviously where people could be tricked into entering their LDS account info into a NON-LDS owned site. However, this method can still be used even if third-party authentication isn't currently available.

Thank you everyone for your insights and concerns. I will have users create their own account for my app.

[russellhltn]

Its just a means to authenticate someone.

Which outside of FamilySearch applications, the church has shown zero interest in doing. Not just in the computer world - try calling CHQ and see if they will conform if your next door neighbor is a member.

[johnshaw]

Ok, I do understand the concerns people have, and the confusion it may cause, and for that, I am going to let this idea die (for now)
However, I do want to clear up a few misconceptions with using an LDS Account to authenticate.

Regardless of what has been said, concerns of individuals on this list are irrelevant if the Church has stated that only Church Apps can use the LDSAccount. There is no weighing a pro/con, nothing that we want to 'avoid if possible' - The Church has defined the API and defined its use. That's it in my book.

[johnshaw]

So, this is interesting. I had a little run-in with an app developer in my stake that was using LDSAccount to control logins for a Family-name sharing system. Basically families-helping-families to complete temple ordinances. I expressed some concern, the Stake Presidency got involved.

Other than the tech page here - https://tech.lds.org/wiki/Third-party_A ... el_content - Is there a location that specifically defines use of LDSAccount. I've pointed stake leaders to this site and they've contacted the church but nobody has contacted them.

1. This site is about Gospel Library, the LDS Account information is there, but seems like it should have its own legalise for a bit more bite.
2. Where do I get more definitive information? I put my foot down pretty good based on all I've seen on this board for years, but if the church is not backing that position up by responding to a Stake President I feel like I'm built on Sandy ground and not Rock.

[scgallafent]

I'm not sure of a published policy regarding LDS Account. The meetinghouse technology policy is fairly clear about membership data. If the stake president feels he needs to speak with someone at headquarters, send me a PM with his information and I can see about getting him in contact with someone (probably a security analyst).

[russellhltn]

Just a quick comment, I know there are approved 3rd party apps that access the FamilySearch side of things. You can find a list at FamilySearch. But as far as I know, there are no approved 3rd party apps for accessing the lds.org side of things.