Shulou(Shulou.com)06/03 Report--

This article introduces the relevant knowledge of "how to achieve user one-click login". In the operation of actual cases, many people will encounter such a dilemma. Next, let the editor lead you to learn how to deal with these situations. I hope you can read it carefully and be able to achieve something!

Let's take a look at some of the current login methods:

Login with account number and password

The use of account plus password is the most traditional way to log in, it can be said to be simple and rude, and generally there will be no problems.

Shortcoming

But this approach requires users to remember their accounts and passwords, that is, there is a memory cost. In order to reduce the cost of memory, users are likely to use the same set of account passwords on different platforms. From a security point of view, once the account password of a platform is leaked, it will affect other platforms used by that user.

In addition, since the account has nothing to do with personal identity, it means that the same user can register multiple different accounts, that is, malicious registration may occur.

To solve these two problems, the ideal situation is to use something that is strongly related to the user's identity as the account. But with what? You can't use your ID card as an account.

There was no good answer to this question until the mobile phone card forced the real name system.

Login with mobile number and CAPTCHA

Since the real-name system of mobile phone cards, mobile phone numbers have become another proof of identity for us.

At present, the login method of using mobile phone number and verification code has become the mainstream. Compared with entering the account password, it can better verify the user's identity and prevent malicious registration. Users no longer have to remember their own account password, which increases the security. Now users are used to and accept this login method.

At present, many products also combine the process of login and registration. if the server finds that the mobile phone number has not been registered when logging in, it will directly register with this mobile phone number and then log in. The registration process is insensitive to the user, which greatly simplifies the registration process.

Shortcoming

This login method requires a series of operations: enter the mobile phone number, wait for the CAPTCHA text message, enter the CAPTCHA, and click to log in. It may take more than 20 seconds to complete the whole process, and the operation is relatively tedious. And it depends on the SMS network, because if you don't get the SMS, you can't log in. These problems may result in the loss of some users during the registration stage.

From a security point of view, there is also a risk of CAPTCHA leakage. If someone knows your cell phone number and steals the CAPTCHA, he can also log in to your account.

But in retrospect, why do we need CAPTCHA? The function of CAPTCHA is to make sure that the mobile phone number is yours. Is there any other way to authenticate the mobile phone number besides using SMS?

Local number authentication

If you can get the mobile phone number currently in use, you can verify the number entered by the user. However, for security reasons, the client can not directly obtain the mobile phone number, and the operator can query it through the sim card data.

Now the operator has opened up the relevant capabilities, and now we can determine whether the mobile number entered by the user is consistent with the local number by calling the operator's interface after the user enters the mobile phone number. In this way, the user does not have to wait for the CAPTCHA text message and enter the CAPTCHA, and is not restricted by the SMS network, which simplifies the login process.

But take it a step further, if the operator can return the current number directly to us, rather than just for verification, then users don't even need to fill in their mobile phone number.

As a result, there is today's protagonist one-click login.

One-click login

Get the mobile card number of the current mobile phone and log in directly with this number, which is one-click login.

The benefits of this login method are obvious. It can more conveniently and quickly complete the registration and login process, shorten the process that might have taken 20 seconds to about 2 seconds, and greatly reduce the loss of users in the login process.

Whether one-click login can be done depends on whether operators open relevant services, which is why there was no one-click login in the past, until recently, all three operators have their own open platforms:

Open platform for Mobile-Internet capability

Telecom-Tianyi account Open platform

Unicom-WO+ open platform

To use one-click login, you need to access the operator's SDK. The three major operators use the same authorization process:

The main steps are as follows:

SDK initialization

Call the initialization method of SDK, passing in the AppKey and AppSecret of the project on the platform.

Evoke authorization page

Call the SDK to invoke the authorization interface. SDK first initiates a request to the operator to obtain the mobile number mask, and when the request is successful, it jumps to the authorization page. The authorization page will display the mobile phone number mask and the operator agreement to confirm to the user.

Agree to authorize and log in

If the user agrees to the relevant agreement, click the login button on the authorization page, and SDK will request the token for this number, and return the token to the client after the request is successful.

Take a number

Send the acquired token to our own server, and the server will carry the token to call the operator's login interface with one click. If the call is successful, the mobile phone number will be returned. The server logs in or registers with the mobile phone number, returns the operation result to the client, and completes one-click login.

Here you need to bring out the authorization page to talk about it, which usually looks like this:

The authorization page is defined in SDK. Take Android as an example. After connecting to SDK, we need to register this page in AndroidManifest. We cannot and should not skip the authorization page and get the user's mobile number without the user's permission.

Since the authorization page is a third-party page, we are not free to modify the page style, but SDK provides enough rich interfaces for us to customize the style.

As mentioned earlier, before the authorization page is displayed, you need to request a mobile number mask for display on the authorization page. In order to increase the jump speed of the authorization page and reduce the waiting time for users, SDK usually provides us with an interface with a prefetched number, which takes the mobile number mask. We can call this API when we open the APP, and if the mask has been obtained, the user does not have to wait any longer when he clicks on the jump authorization page. It's a small optimization of the user experience.

During the authentication process, the network will be switched to a mobile cellular network. Currently, the supported standards include China Mobile 2G/3G/4G, China Unicom 3G/4G, and China Telecom 4G. Of course, it is best to use 4G, the use of 2G, 3G will reduce the success rate of authentication.

Authentication cannot be completed without plugging in the phone card or shutting down the mobile cellular network. So even if we access one-click login, we have to be compatible with the traditional login method, allowing users to manually enter their mobile phone number in case of authentication failure.

All three operators have their own SDK, but their respective SDK does not necessarily support the authentication of others. This has led to many products that currently have access to one-click login and support only one operator.

If you want to be compatible with the three major operators, you need to access each of the three SDK. Now we also have an easier way to access a third-party SDK that integrates the authentication capabilities of the three major operators. Currently, there are the following:

Ali-number authentication service

Aurora-Aurora Certification

Mob-second test

The principle and method of use are basically the same, you can check their documentation.

Let's talk about the price that we are more concerned about. I learned about the pricing of the operators and the above-mentioned companies. The price for each certification ranges from 4 to 6 cents, of which the cheapest is the second test of mob. But the price may change, so we won't discuss it in detail here.

Generally, it is not billed if you successfully replace it with the mobile phone number, call the prefetching number API and fail authentication.

Overall, the price of one-click login is about the same as sending verification text messages. Sending SMS messages is billed once for each message, but users need to obtain the verification code multiple times to log in successfully. And one-click login can be replaced to the mobile phone number, which basically means that the login is successful. So in terms of the number of times, one-click login should save a little bit.

At present, one-click login is in its infancy, operators' authentication services still need to be improved, and there is also a process of acceptance for users.

But there is no doubt that one-click login will become one of the mainstream login methods in the future.

This is the end of the content of "how to log in with one click". Thank you for your reading. If you want to know more about the industry, you can follow the website, the editor will output more high-quality practical articles for you!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.