Question:
Good day!
I'm not going to develop %subzh%. I'm interested in the very principle that lies in the authorization of the user on various forums (including those of dubious origin) using new "fashionable" features, using beautiful buttons, like: "VKontakte", "Facebook" and other social networks.
- As I understand it, from the user's point of view, I will be able to access any forum without authorization using this button, if on the current machine, from the current browser, I am still authorized in the corresponding network?
- Does the owner of the forum have any access to the social network with which I logged in? can he use my account on the social network for his own selfish purposes?
PS: It will be useful if there are direct links to technical documentation or a description of this authorization option to your answers/comments.
Don’t write very cleverly, I’m not strong in web development and all sorts of authorization systems … I would like something simpler 🙂
Once again, thank you in advance for your answers.
Answer:
In a simple way: the forum trusts VKontakte (who doesn't know VK!). A user comes to the forum, says, “I am Vasya from VK”, the forum itself runs directly to VK and clarifies, “VK, is this Vasya for sure?”, VK confirms, “yes, this is Vasya from VK”.
At the same time, VK does not reveal too much information about Vasya. Even email does not give – only a first name, last name, id and a link to a picture with a face. Other social networks, or, for example, Google, shine a person's email.
In this case, there can be no abuse.
In order for the forum to spoil a person, you need to additionally request some rights, permissions, install an application, etc. VK is not a fool, and he will write about this in detail: "An application such and such requests access to your apartment keys and wallet – give it?". Of course, you can’t really protect yourself from a fool, but if people don’t turn off their heads, then abuse will not happen.