Social Login
What is Social Login?
Social Login: An authentication pattern where users sign into a third-party site using their existing identity from Google, Apple, Microsoft, Facebook, GitHub, or similar providers.
Social login lets a relying party delegate authentication to a large consumer identity provider, typically over OpenID Connect or OAuth 2.0. The user clicks 'Continue with Google' (or Apple, Microsoft, Facebook, GitHub, LinkedIn, Twitter/X), authenticates at the provider, and the relying party receives an ID token plus profile claims it trusts. The pattern shortens sign-up, leverages the provider's MFA, and reduces password storage liability for the relying party. Risks include over-broad scopes, account takeover at the IdP cascading to every linked app, and 'orphan' accounts when a user loses access to the IdP. Best practice combines OpenID Connect with PKCE, minimal scopes, and a fallback authentication factor; the relying party must also cope with provider-specific quirks, for example Sign in with Apple handing it a hidden email relay address instead of the user's real one.
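The relying-party side of the flow above, as an added example (not code from the original page): a PKCE verifier/challenge pair, the claim checks a relying party applies to an ID token after its signature has been verified against the provider's keys, and account linking keyed on the provider's stable subject rather than on the email claim. Issuer, client id, nonce and claim values are constructed placeholders.

```python
import base64
import hashlib
import secrets
import time


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def make_challenge(verifier: str) -> str:
    """S256 code_challenge for a PKCE code_verifier (RFC 7636)."""
    return _b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def make_pkce_pair():
    """Relying party: fresh high-entropy verifier plus the challenge sent on /authorize."""
    verifier = _b64url(secrets.token_bytes(32))  # 43-char URL-safe string
    return verifier, make_challenge(verifier)


def pkce_challenge_matches(verifier: str, challenge: str) -> bool:
    """Authorization server: bind the token exchange to the original request."""
    return secrets.compare_digest(make_challenge(verifier), challenge)


def check_id_token_claims(claims, issuer, client_id, nonce, now=None):
    """Return problems with an ID token payload whose signature was already verified.
    An empty list means the token is acceptable for this relying party."""
    now = time.time() if now is None else now
    problems = []
    if claims.get("iss") != issuer:
        problems.append("issuer mismatch")
    aud = claims.get("aud")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        problems.append("audience does not include this client")
    if claims.get("exp", 0) <= now:
        problems.append("token expired")
    if claims.get("nonce") != nonce:
        problems.append("nonce mismatch")
    if not claims.get("sub"):
        problems.append("missing subject")
    return problems


def link_account(claims, accounts):
    """Map a verified ID token to a local account keyed by (iss, sub).
    Email is contact data only (it may be unverified or an Apple relay address)."""
    key = (claims["iss"], claims["sub"])
    if key not in accounts:
        verified = bool(claims.get("email_verified", False))
        accounts[key] = {"linked_idp": key,
                         "contact_email": claims.get("email") if verified else None}
    return accounts[key]
```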
● Examples
- 01
A SaaS sign-up page offering 'Continue with Google' and 'Continue with GitHub' via OpenID Connect.
- 02
An e-commerce site accepting Apple's hide-my-email relay address as the user's primary contact.
● Frequently asked questions
What is Social Login?
An authentication pattern where users sign into a third-party site using their existing identity from Google, Apple, Microsoft, Facebook, GitHub, or similar providers. It belongs to the Identity & Access category of cybersecurity.
What does Social Login mean?
An authentication pattern where users sign into a third-party site using their existing identity from Google, Apple, Microsoft, Facebook, GitHub, or similar providers.
How does Social Login work?
Social login lets a relying party delegate authentication to a large consumer identity provider, typically over OpenID Connect or OAuth 2.0. The user clicks 'Continue with Google' (or Apple, Microsoft, Facebook, GitHub, LinkedIn, Twitter/X), authenticates at the provider, and the relying party receives an ID token plus profile claims it trusts. The pattern shortens sign-up, leverages the provider's MFA, and reduces password storage liability for the relying party. Risks include over-broad scopes, account takeover at the IdP cascading to every linked app, and 'orphan' accounts when a user loses access to the IdP. Best practice combines OpenID Connect with PKCE, minimal scopes, and a fallback authentication factor; the relying party must also cope with provider-specific quirks, for example Sign in with Apple handing it a hidden email relay address instead of the user's real one.
How do you reduce the risks of Social Login?
Mitigations for Social Login combine technical controls and operational practices: use OpenID Connect with PKCE, request only the minimal scopes needed, validate the ID token before trusting its claims, and keep a fallback authentication factor so that losing access to the identity provider does not orphan the account, as detailed in the full definition above.
What are other names for Social Login?
Common alternative names include: Federated login, Login with Google, Sign in with Apple.
● Related terms
- identity-access № 760
OpenID Connect (OIDC)
An identity layer built on top of OAuth 2.0 that lets clients verify a user's identity and obtain basic profile information via signed ID tokens.
- identity-access № 749
OAuth 2.0
An open authorization framework that lets a resource owner grant a third-party application limited, scoped access to an API without sharing credentials.
- identity-access № 962
SAML
An XML-based open standard for exchanging authentication and authorization assertions between an identity provider and a service provider.
- identity-access № 643
Magic Link Authentication
A passwordless sign-in flow where the user receives a single-use URL by email or SMS that, when clicked, authenticates the session.
- identity-access № 708
Multi-Factor Authentication (MFA)
An authentication method that requires two or more independent factors — typically from different categories — before granting access.
- identity-access № 076
Authentication
The process of verifying that an entity — user, device or service — really is who or what it claims to be before granting access.