OAuth

OAuth Provider Credentials

What they are, why you need them, and how to get them.

Share:

Like many websites, you’ve set up a sharing feature to get your users to share their contacts with you. Whether this is for referrals to your Ecommerce site, invitations to join an event, a registry, a fundraiser, or more, you want to give your users a secure way to share data with you. The best way to get your users to trust you and protect their data is to get your provider credentials from services like Microsoft, Google, Yahoo, and AOL. 

When you start your OAuth Project, you are assigned Provider Credentials. OAuth is an authorization framework that enables users to access data through a third-party application like CloudSponge. It allows users to access their data while on your site by providing a consent screen that the user signs into with their credentials. The consent screen shows the data that is being requested and how that data will be used.

Google’s OAuth consent screen shows what data is being requested.

 

Having provider credentials is an industry standard that protects both users and providers by securing and keeping data and privacy safe as the user logs into their account via a secure process. Website owners do not receive access to login credentials and only receive data that the end user explicitly allows.

Why should I get my provider credentials? 

Your users want to engage with your sharing feature. However, they need a clear sign that you can be trusted. For many people, sharing their data is akin to giving you the keys to their house. They will not hand out copies of their keys to just anyone, and they must trust that you will not ransack their home when they give you access. Just like how a person would provide only authorized individuals with their own set of keys to their space, users will only provide access to their data if they can trust you. 

Handing keys to someone trusted

People want to keep their login credentials private from you and are constantly reminded that sharing their username and password will lead to a data leak. To overcome this fear, you must set up your provider credentials and display a consent screen.

The OAuth consent screen is a  trust signal showing users the exact data you request. This service also allows your users to sign in to their accounts without having to share their login credentials with you. On top of that, it will be configured to show your logo, terms of service, and privacy policy.

The Morning Brew OAuth screen displays their business information.

While getting your provider credentials from sources like Google or Microsoft will take a bit of work, it’s vital for your users’ comfort and experience. It simply makes them trust you more. 

Once you have your provider credentials, you can display a familiar login screen to users, similar to the “sign in with Google” button many users have seen on other sites. This standardizes the process of allowing users to share their data with you, making them more comfortable and willing to engage with it. If people can trust your site, they are likelier to share information with you.

How do I get my provider credentials? 

Getting your provider credentials involves creating a developer’s account with the respective providers, justifying your need for credentials, and integrating them into your website. This is very important in making the most out of your Contact Picker, so much so that we have written about it extensively and even created some videos to help you.

Can I get my own credentials from Microsoft and Yahoo? 

Obtaining your own credentials from Microsoft and Yahoo allows you to customize the look of the OAuth screen with your own brand, site, and contact information. This customization adds another level of trust for users as they see your information instead of a third party’s. Once your customers feel comfortable interacting with your website, you will notice increased contacts shared with you. The convenience and efficiency of connecting to your address book with just the click of a button makes it a straightforward choice for them. 

The Microsoft OAuth screen shows what data is requested and by who.

It’s also important to keep your credentials up-to-date by regularly testing them and checking the status of your project in your developer’s account. You do not want your users to have a bad experience and abandon the sharing process because it wasn’t working correctly. 

The decision to get your provider credentials is a no-brainer. Obtaining your provider credentials is essential for your user’s experience as it builds trust. Users often hesitate to share their login credentials due to data leaks and privacy concerns. By obtaining your provider credentials, you show your users that you can be trusted with their information, enhancing your brand’s reputation. Your users, in turn, will share your website with their family and friends because they trust you.

Heather Schwartzman, Head of Customer Success

Follow @SchwartzmanHeat

Comments

Try CloudSponge for free in your
testing environment

Get Started

Have a questions or prefer a guided tour?
Schedule a consultation with our Founder.