DEV Community

Denis Anisimov
Denis Anisimov

Posted on

4 1

Implementing manual OAuth sign-in flow for Facebook and Google

Our web app uses Facebook and Google social logins. We've implemented those using the recommended approach with JS SDKs.

That was easy to do and works fine most of the time, but I've started to see many users facing issues with that when they access the web app using a private browsing mode or have other privacy-related settings turned on. Namely some browsers block the Facebook JS SDKs, and many block third-party cookies which breaks the default Google sign-in.

Given that I've started thinking about implementing the OAuth flow manually completely skipping the JS SDKs. Seems like this will give the most robust results, it is better for user's privacy and can save some bandwidth on the initial page load.

Have anyone followed the same route? Are there any concerns with this approach, e.g. about the security of SDK way vs the manual way?

See also:

Image of Datadog

The Future of AI, LLMs, and Observability on Google Cloud

Datadog sat down with Google’s Director of AI to discuss the current and future states of AI, ML, and LLMs on Google Cloud. Discover 7 key insights for technical leaders, covering everything from upskilling teams to observability best practices

Learn More

Top comments (1)

Collapse
 
dbanisimov profile image
Denis Anisimov

So for anyone interested I've implemented the manual OAuth flows for both Google and Facebook (look for the links at the end of the original post)

It solved both third-party cookies issue and blocked SDKs issue. The sign-in flow with redirects works perfectly in Private mode with enhanced privacy protection. So far I haven't seen any problems on desktop or mobile.

Good news is that both FB and Google can return short-lived access tokens that can be directly fed to serverless auth providers, like Firebase, so there is no need to implement your own code-token exchange.

As an extra benefit abandoning FB sdk saves same bandwidth on page load.

👋 Kindness is contagious

Please leave a ❤️ or a friendly comment on this post if you found it helpful!

Okay