Using LDS Account to authenticate users in third party app
-
- New Member
- Posts: 6
- Joined: Fri Feb 22, 2013 7:01 pm
Using LDS Account to authenticate users in third party app
Hi,
I'm developing an app/website that requires authentication for local church leaders. I would really rather not force members to have to create an account through my own application, but would like to have members authenticate through an already existing LDS Account. Is this possible through something like OAuth?
Reasons for this are:
1. It is more secure as I am not storing their sensitive passwords in my system
2. It is convenient for the member to use an existing account vs creating a new account for my app
3. I don't really want to authenticate with other services like facebook, etc
If this is not currently possible because of technological limitations, is this something that can be implemented in the near future?
Thanks!
-
- Senior Member
- Posts: 3907
- Joined: Mon Sep 24, 2007 9:17 am
- Location: Cumming, GA, USA
Re: Using LDS Account to authenticate users in third party a
neptunecentury wrote: If this is not currently possible because of technological limitations, is this something that can be implemented in the near future? Thanks!
By policy (not necessarily technical limitations) only official church applications can authenticate with and use LDS Account.
I don't have any inside knowledge but the church is very conservative about privacy issues and I doubt that policy will ever change.
- aebrown
- Community Administrator
- Posts: 15153
- Joined: Tue Nov 27, 2007 8:48 pm
- Location: Draper, Utah
Re: Using LDS Account to authenticate users in third party a
neptunecentury wrote: I would ... like to have members authenticate through an already existing LDS Account. Is this possible through something like OAuth? ... If this is not currently possible because of technological limitations, is this something that can be implemented in the near future?
No. In the wiki article Third-party API for gospel content, we read:
"... third-party developers are restricted from using LDS Account, which could give access to membership data. This restriction protects the privacy of membership data (a legal requirement in many countries) and safeguards how membership data is viewed and used."
Although that wiki article is dealing with a different context, the basic principle still holds that the LDS Account can be used only by official Church applications.
-
- Member
- Posts: 69
- Joined: Sun Apr 04, 2010 9:07 pm
- Location: United States, California
Re: Using LDS Account to authenticate users in third party a
Technologies exist which could be used to allow third parties to use LDS Account single sign on to authenticate users (OpenID) and access a user's data stored on church servers (OAuth) without violating any privacy laws. In the case of OpenID, the response only confirms that the user is authenticated to that particular ID. In the case of OAuth, the user would grant (and could revoke) authorization to read and/or write certain types of data. The key to these technologies is that authentication and authorization occur on the provider's site, not on the consumer's site. Unfortunately these technologies are not widely used (to use mint.com with most of my financial accounts, I have to trust it with my passwords; however, one of my accounts has a method similar to OAuth allowing me to grant third party read only access to mint.com without sharing my password). As much as I'd like it, I don't see the church being a pioneer in this type of open development - generally the church is at least as conservative as the majority of financial institutions.
-
- New Member
- Posts: 6
- Joined: Fri Feb 22, 2013 7:01 pm
Re: Using LDS Account to authenticate users in third party a
I suppose if it's not possible to use LDS Account, I guess the next best thing would be some other Social Media login, but I may just opt to have users register for an account on my app as the idea of using "facebook" for an LDS application just doesn't seem right.
Anyway, thanks for the replies.
-
- Member
- Posts: 69
- Joined: Sun Apr 04, 2010 9:07 pm
- Location: United States, California
Re: Using LDS Account to authenticate users in third party a
I would suggest offering OpenID sign on - the user chooses their authentication server (Google, Yahoo, Wordpress, and many more provide OpenID to their users), but providing your own authentication option (with or without becoming an OpenID provider). The biggest challenge to users wanting to use OpenID is that there are too many sites that want to provide, but not consume, OpenID.
-
- New Member
- Posts: 6
- Joined: Fri Feb 22, 2013 7:01 pm
Re: Using LDS Account to authenticate users in third party a
Yes, I think I will consider it. I do like the idea. However, I have no experience with OpenID, but that's what google is for
- sbradshaw
- Community Moderators
- Posts: 6245
- Joined: Mon Sep 26, 2011 9:42 pm
- Location: Utah
- Contact:
Re: Using LDS Account to authenticate users in third party a
One practical reason for the limitation on using OAuth in LDS Accounts, with the way it's currently set up, is it seems that a user can get more information through their LDS Account than what's actually displayed to them. For example, every once in a while we hear of a bug report where LDS Tools is showing data that a user shouldn't be able to see. The fix is done on LDS Tools, not on the backend server. So, a third-party app could circumvent the policies of who can see what data and show everything to the user.
Samuel Bradshaw • If you desire to serve God, you are called to the work.
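An added example, not part of any post in this thread and not Church code: a toy provider that enforces scoped, revocable grants on the backend, which is the property the OAuth post above relies on and the one sbradshaw's post says is missing when filtering is done in the client. The class, scope names, field names and sample record are all hypothetical.

```python
import secrets

# Constructed sample record; field names are illustrative only.
DIRECTORY = {
    "member-1": {"name": "A. Example", "phone": "555-0100", "address": "1 Sample St"},
}
# Hypothetical scope names and the fields each one unlocks.
SCOPE_FIELDS = {
    "directory.name": {"name"},
    "directory.contact": {"phone", "address"},
}


class Provider:
    """Toy account provider: issues scoped tokens and enforces them itself."""

    def __init__(self):
        self._grants = {}  # token -> (user, frozenset of granted scopes)

    def grant(self, user, scopes):
        # In a real flow the user approves these scopes on the provider's own
        # login page; the consumer app never sees the password.
        unknown = set(scopes) - set(SCOPE_FIELDS)
        if unknown:
            raise ValueError(f"unknown scopes: {sorted(unknown)}")
        token = secrets.token_urlsafe(32)
        self._grants[token] = (user, frozenset(scopes))
        return token

    def revoke(self, token):
        self._grants.pop(token, None)

    def read_member(self, token, member_id):
        # Enforcement point: the response is built from the granted scopes,
        # so a client that skips its own display filtering gains nothing.
        if token not in self._grants:
            raise PermissionError("invalid or revoked token")
        _user, scopes = self._grants[token]
        allowed = set().union(*(SCOPE_FIELDS[s] for s in scopes))
        return {k: v for k, v in DIRECTORY[member_id].items() if k in allowed}
```

If `read_member` returned the whole record and left it to each app to hide fields, any client holding a valid token could display everything, which is the failure mode described in the post above.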
-
- Community Administrator
- Posts: 34417
- Joined: Sat Jan 20, 2007 2:53 pm
- Location: U.S.
Re: Using LDS Account to authenticate users in third party a
With the roll out of tithing on-line, the ante has been upped on what the account can access. If anyone thinks I'd be willing to type a LDS Account login into a non-church owned site, they are sadly mistaken.
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.
So we can better help you, please edit your Profile to include your general location.
-
- Community Administrator
- Posts: 34417
- Joined: Sat Jan 20, 2007 2:53 pm
- Location: U.S.
Re: Using LDS Account to authenticate users in third party a
sbradshaw wrote: For example, every once in a while we hear of a bug report where LDS Tools is showing data that a user shouldn't be able to see. The fix is done on LDS Tools, not on the backend server.
Maybe the LDS Tools is a quick interim fix. Because if true that sure smells of bad security.