Curiosity is one of the most important traits in our job. The other day, I found myself exploring the PayPal documentation to find something interesting to learn (and share). After a while, I stumbled upon the Log In with PayPal tool.
With the Log In with PayPal tool, your users can authenticate to your application with their PayPal account. It is the same kind of social login we already know from Facebook, Twitter and GitHub.
This type of authentication is an obvious fit for an e-commerce website, but you can use it in any application that requires a user account or membership.
Why use ‘Login with PayPal’?
One of the most important reasons to use it is simplicity. Your users will not need to remember yet another set of credentials, the same advantage that OAuth logins via Facebook, Twitter and the others offer. The authentication step itself is handled on PayPal's side, which means fewer security concerns for you. And it is more than just an email and a password.
Another great feature is that we are dealing with a standard: Log In with PayPal is based on OpenID Connect, which builds on the OpenID 2.0 and OAuth 2.0 open standards.
Using the PayPal tool also opens new opportunities for the merchant or application. Think about it: PayPal has more than 100 million users, so you are potentially expanding your user base. Everything also comes with a real-time update of user data: if a user changes something in their PayPal profile, your application will "know it" immediately.
I assume you now have good reasons to consider it. Let's see how to implement this solution in a sample application.
How does PayPal work?
Before diving into the implementation, it helps to understand the mechanism under the hood. As mentioned above, Log In with PayPal is based on OpenID Connect. The picture below shows every step of the procedure.
Everything starts with the application we are developing; it could be the e-commerce site we used as an example before. The Log In with PayPal button redirects the user to the PayPal Authentication and Authorization Service. After entering their credentials, the user has to agree to share their data with our application, and is shown exactly which data will be shared with us. If everything goes fine, PayPal gives the application an authorization code.
The next step is the communication between the merchant (the application) and the PayPal token service endpoint: the application sends the authorization code to the token service and receives an access token and a refresh token in return.
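The two steps above are the OpenID Connect authorization-code flow seen from our application, the "relying party". The following Python code is an added example, not code from the original post and not PayPal's SDK: it builds the redirect URL for the button, then handles the callback and exchanges the code for the tokens over a back-channel request. The endpoint URLs, client id and secret, redirect URI, sample authorization code and the fake token endpoint are constructed placeholders; in a real application the real endpoints come from PayPal's documentation and the transport is an HTTPS client.

```python
import base64
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Placeholder endpoints (assumption): use the ones in PayPal's documentation
AUTHORIZE_URL = "https://www.paypal.example/authorize"
TOKEN_URL = "https://api.paypal.example/tokenservice"


class RelyingParty:
    """Our application: builds the login redirect and exchanges the code for tokens."""

    def __init__(self, client_id, client_secret, redirect_uri, transport):
        self.client_id = client_id
        self.client_secret = client_secret
        self.redirect_uri = redirect_uri
        # transport(url, form_body, headers) -> dict; injected so the example runs offline
        self.transport = transport
        # state -> nonce for logins in progress (keep it in the user's session in a real app)
        self._pending = {}

    def start_login(self):
        """Step 1: the URL the 'Log In with PayPal' button redirects the user to."""
        state = secrets.token_urlsafe(32)  # binds the callback to this browser session (anti-CSRF)
        nonce = secrets.token_urlsafe(32)  # later compared with the nonce claim of the id_token
        self._pending[state] = nonce
        params = {"client_id": self.client_id, "response_type": "code",
                  "scope": "openid profile email", "redirect_uri": self.redirect_uri,
                  "state": state, "nonce": nonce}
        return AUTHORIZE_URL + "?" + urlencode(params)

    def handle_callback(self, callback_url):
        """Step 2: PayPal sent the user back with ?code=...&state=...; trade the code for tokens."""
        query = parse_qs(urlparse(callback_url).query)
        state = query.get("state", [""])[0]
        nonce = self._pending.pop(state, None)  # single use: a replayed state is rejected
        if nonce is None:
            raise ValueError("unknown or replayed state parameter")
        if "error" in query:
            raise ValueError("authorization denied: " + query["error"][0])
        code = query.get("code", [""])[0]
        if not code:
            raise ValueError("missing authorization code")
        # Back-channel request to the token service; client credentials travel in a Basic header
        basic = base64.b64encode(f"{self.client_id}:{self.client_secret}".encode()).decode()
        headers = {"Authorization": "Basic " + basic,
                   "Content-Type": "application/x-www-form-urlencoded"}
        body = urlencode({"grant_type": "authorization_code", "code": code,
                          "redirect_uri": self.redirect_uri})
        resp = self.transport(TOKEN_URL, body, headers)
        for field in ("access_token", "refresh_token", "token_type"):
            if field not in resp:
                raise ValueError("token response missing " + field)
        if resp["token_type"].lower() != "bearer":
            raise ValueError("unexpected token_type " + resp["token_type"])
        return {"access_token": resp["access_token"], "refresh_token": resp["refresh_token"],
                "expires_in": int(resp.get("expires_in", 0)), "nonce": nonce}


def state_from_login_url(login_url):
    """Helper for the demo: what the browser would carry back as the state parameter."""
    return parse_qs(urlparse(login_url).query)["state"][0]


def fake_token_endpoint(url, body, headers):
    """Constructed stand-in for PayPal's token service so the exchange runs offline."""
    form = parse_qs(body)
    if url != TOKEN_URL or not headers.get("Authorization", "").startswith("Basic "):
        return {"error": "invalid_client"}
    if form.get("grant_type") != ["authorization_code"] or form.get("code") != ["SAMPLE_CODE"]:
        return {"error": "invalid_grant"}
    return {"token_type": "Bearer", "access_token": "AT-constructed",
            "refresh_token": "RT-constructed", "expires_in": "28800"}


def demo():
    rp = RelyingParty("CLIENT_ID_PLACEHOLDER", "CLIENT_SECRET_PLACEHOLDER",
                      "https://merchant.example/paypal/callback", fake_token_endpoint)
    login_url = rp.start_login()
    # Constructed callback, as PayPal's redirect would deliver it to redirect_uri
    callback = ("https://merchant.example/paypal/callback?code=SAMPLE_CODE&state="
                + state_from_login_url(login_url))
    return rp.handle_callback(callback)


if __name__ == "__main__":
    print(demo())
```

Two details matter for the security of the flow and are easy to skip in a first implementation: the state value is generated per login attempt and consumed exactly once, so a callback forged or replayed by someone else is rejected before the code is ever sent to the token service; and the code exchange happens server-to-server with the client secret in the request header, so neither the secret nor the tokens pass through the user's browser.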