How to handle OAuth providers like Google, Facebook, etc
Hi,
1Password is great for managing my passwords, but for services where I use another service provider such as Google, it all falls over in terms of workflow. The problem isn't that 1Password doesn't help remember the auth provider's password (e.g. Google) - the problem is that it doesn't help me remember which auth provider I used.
Consider the following login screen - there are many like it around the web.
Sign in with:
(*) Google
( ) Facebook
( ) Username and password [ username ] [ password ]
or another format...
[ Log in with Google ]
...or...
[ username ] [ password ] [ GO ]
1Password helps me if I used a username and password, and Google and Facebook help me with OAuth, but how do I remember which authentication mechanism I used?
In short, does 1Password have a feature to record that I should click Google in this case? Or is it on the roadmap?
Thanks, Scott
1Password Version: 5.3.2
Extension Version: Not Provided
OS Version: 10.10.3
Sync Type: Dropbox
Comments
0 -
Hi Scott ( @sc0ttdav3y ),
I'll admit, with 1Password I rarely find it necessary to log in with my Google or Facebook account - it's just so simple to use 1Password to create a new account with a unique password. So I'm not 100% sure I'll answer your question correctly. Please correct me if I'm missing something.
It seems to me like you're hoping that 1Password will offer you your Google Login when you go to a site that you have used your Google credentials on previously, is this correct?
If so, the solution is to save these other URLs within your Google entry, like so:
You will have to add these URLs manually (1Password won't automatically detect that you have used your Google credentials on a site and update the URL to your Google Login, for example) but once it's there, you can fill your Google details using the keyboard shortcut.
Does this help?
0 -
Hi @Megan,
Thanks for the reply. I wasn't asking to save my Google credentials with the site login record (that's not how Single Sign-In systems such as SAML and OAuth work), but rather to have 1Password remember that I clicked the 'Google' button rather than the username/password option and save that against the site.
Here's an example from Insight.ly:
The point is not to recall Google's password (as it won't do me any good on this form), but to remember that I need to click the link at the bottom of the form to log in with Google's SSO solution. Unfortunately it's not always possible to register to these services using usernames/passwords, especially in a business context where access is centrally controlled by someone else. Having to remember which ones need which login style is the problem.
1Password's killer feature is that it prompts me to save a new password when I register to a site. My wish is that 1Password should also look for these "Login with Google" type links and prompt to save that as well, and auto-click that link when logging in again later.
Hope that makes sense.
Cheers, Scott
0 -
Hi @sc0ttdav3y,
I can certainly create a request for this feature but I don't want to give too much false hope. At the moment we submit a login page after the filling takes place by mimicking the press of the enter key while focus is on the password field. I don't believe there is a standard way of interacting with links and JavaScript buttons so we don't. I know I came across a bank recently where you were forced to click on the login button meaning our submit feature doesn't work there. So anything would probably mean a large change to how filling and submitting works. That isn't to say it isn't a neat request, just that it wouldn't be something nice and simple that can be included in a minor update if we can even find a standards compliant way to do so. I'm not a developer so the pitfalls and complexities are not part of my current knowledge - just in case I'm missing something obvious or whatnot.
At the moment the only real workaround I can think to suggest would be a dummy login item. The title of the Login item could be something like
Insight.ly (Google OAuth)
so the clue is in the title. You could even go slightly further by setting the submit option to Never submit and setting the username to Google OAuth. That way you could use ⌘\, the page wouldn't automatically submit and you could see the hint Google OAuth in the username field. This really is a hacky workaround but it's something that would definitely work for you now while the idea is considered.
0 -
Thanks for the workaround idea - that'll do for now.
A bit of feedback - if making the auto-fill feature click links is troublesome, as a user I'd be okay simply having a message telling me to click the link. It's more important that you capture which auth provider I used when initially signing up than automatically log me in.
OAuth, OpenID, OpenID Connect and SAML are the main types, and they are easy to spot by the URL conventions they have in their links.
Thanks, Scott
0 -
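An added example, not part of the thread and not 1Password's code: a sketch of how the sign-in protocol and provider could be recognised from the URL the browser is sent to at the provider, using the query parameters each protocol defines. The function names, the `store` map and the sample URLs are assumptions constructed for illustration.

```javascript
// Classify a sign-in URL by the query parameters each SSO protocol puts on it.
// Parameter names come from the protocol specs; function names are hypothetical.
function classifySsoUrl(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return null; // not an absolute URL, nothing to classify
  }
  const q = url.searchParams;
  let protocol = null;

  if (q.has('SAMLRequest')) {
    protocol = 'SAML'; // SAML HTTP-Redirect binding
  } else if (q.has('openid.mode')) {
    protocol = 'OpenID 2.0'; // legacy OpenID authentication request
  } else if (q.has('response_type') && q.has('client_id')) {
    // OAuth 2.0 authorization request; OpenID Connect adds the "openid" scope
    const scopes = (q.get('scope') || '').split(/\s+/);
    protocol = scopes.includes('openid') ? 'OpenID Connect' : 'OAuth 2.0';
  }
  return protocol ? { protocol, provider: url.hostname } : null;
}

// Record, per site, which provider was used so it can be shown as a hint later.
function rememberProvider(store, siteHost, providerUrl) {
  const hit = classifySsoUrl(providerUrl);
  if (hit) store.set(siteHost, hit);
  return hit;
}

// Constructed sample URLs (example hosts, not taken from the thread).
const SAMPLES = {
  oidc: 'https://idp.example.com/authorize?response_type=code&client_id=abc' +
        '&redirect_uri=https%3A%2F%2Fapp.example.org%2Fcb&scope=openid%20email',
  oauth: 'https://social.example.net/dialog/oauth?response_type=code' +
         '&client_id=123&redirect_uri=https%3A%2F%2Fapp.example.org%2Fcb&scope=profile',
  saml: 'https://sso.example.com/saml/sso?SAMLRequest=PLACEHOLDER&RelayState=abc',
  openid2: 'https://op.example.com/auth?openid.mode=checkid_setup',
  form: 'https://app.example.org/login',
};
```

A plain username/password page returns `null`, so nothing is recorded for it and the stored hint only ever names a provider that was actually used.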
Thanks for that feedback, @sc0ttdav3y. It's always good to hear what our users want, and we will keep it in mind going forward.
And meanwhile, we're glad to hear this workaround will ease your way a bit. Cheers, and have a nice weekend! :)
0