Railsmagazine60x60 Authentication with Gigya

by Curtis Jennings Schofield

Issue: Winter Jam

published in December 2009

Curtis jennings schofield Curtis lives in a Zen Temple where he hacks code, music, illustration, and religion. He has experience in many operating systems and many programming languages. Currently he is working on being a human being and re-entering the workforce. curtis_jennings_schofield (at) robotarmyma (dot) de


As we witness the metamorphosis of internet paradigms (like gopher, veronica, hypertext, web 1.0, web 2.0)  eventually the developers and denzines of this constantly transforming internet will understand what it is that is common about social networks: the momentum of social media, collectivist communication and point to point transmission.

Understanding this world of distributed service will allow us to migrate services into discrete standards. One example of this transforming area is the exposition of authentication APIs and the creation of social authentication services.

Statement of Focus

This article attempts to throw light on the elephant of social media and request engagement in its exploration. By the provided example: an existing social authentication service - perhaps we can discover a related dialogue.

Gigya: The Elephants Toenail   

Gigya is an aggregation of authentication APIs into a general purpose authentication service & API. I have no connection with the company, no agenda to act as representation.

A service such as this offers the benefit of enabling the user to maintain a sense of continuity around their internet identity. It also provides a single point of implementation for developers.

It is the sentiment of this article that Gigya is going in a good and orderly direction.

Below the article are the basic steps required to authenticate a user through Gigya.

Backstep: Another Look

Using a service like Gigya to simplify user migration from existing services brings in an interesting question: What is the balance between open data-sharing and privacy?

A service like Gigya has some pretty significant responsibility in terms of ethics. They have the necessary responsibility of ensuring that they are protecting their integrity and the integrity of their database of users (personally identifiable or otherwise). In their privacy policy they state that the information gathered through the use of their api in corroboration with other authentication providers will be gathered and stored; this information will be used only if the user declares themselves as OPT-IN.

This seems to indicate to me an understanding of both the value of the information and the value of client privacy.

Wide Angle on the Elephants Leg: Parallel tracks 

It is my opinion that this Authentication service is the first of many. We will also start to see more diversity in services and APIs that cater to developers (and users) around such constructs as friend-lists and content storage.

I think it is very important to keep one particular question in mind: How can we build in user-rights, community support, and developer freedoms into the system of distributed social service components?

Conclusion: Parting Thoughts

In the workings of craft and the support of community it is my experience that much of our daily work involves a special question.

It is the kind of question that lends itself to a dynamic and active answer. Each of us, in our own way, has an answer to this question. Each of us in our own way can feel how this question is changing for us.

What is it that we as engineers, designers and creative artists are going to have to learn, seek, or understand in preparation for letting the internet become what we could never envision with our limited and individual view?


<div id="gigya_login_widget"></div>
<h3 id="username"></h3>
<img id="userpic"></img>
<a onClick='gigya.services.socialize.logout( { "APIKey": "2_mNUqFJkEnLmthgDQ_5ZXYF80ISolpt" }, { callback: printResponse});'> Logout</a>
<!-- load javascript libraries late -->
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3/jquery.min.js"></script>
<!-- gigya.social.js script should only be included once -->
<script type="text/javascript" src="http://cdn.gigya.com/JS/gigya.js?services=socialize"> </script>
<!-- Important to ensure that javascript does not get executed out of order -->
<script type="text/javascript">
function gigya_call_me_on_login(response){
   document.getElementById('username').innerHTML = response.user.nickname;
   document.getElementById('userpic').src = response.user.photoURL;

function printResponse(response) {      
  if ( response['status'] == 'OK' ) {                    
    alert('User has logged out');    
  else {    
    alert('Error: ' + response['statusMessage']);    
    var conf=
"APIKey": "2_mNUqFJkEnLmthgDQ_5ZXYF80ISolpt",
    "enabledProviders": "facebook, myspace, twitter, google, yahoo, aol"
    var event_params = { 'onLogin': gigya_call_me_on_login };
    gigya.services.socialize.addEventHandlers(conf, event_params);
    var login_params=
    "headerText": "Select a service you alread use to login:",
    "height": 120,
    "width": 560,
    "containerID": "gigya_login_widget",

    "UIConfig":"<config><body> <captions background-color=\"#606060\"></captions> <texts color=\"#37DA1B\"> <links color=\"#C8FFFF\"></links> </texts> <controls> <snbuttons buttonsize=\"64\" color=\"#D5D5D5\"> </snbuttons> </controls> <background background-color=\"#404040\" frame-color=\"#000000\"> </background></body></config>"
gigya.services.socialize.showLoginUI(conf, login_params);