Today we've rolled out the ability to use your Google, Facebook, Twitter, OpenID, Yahoo or LinkedIn identities to log in on NPR.org.
We've had this project on our wish list for a while, as we've wanted to make it easier for you, our users, to participate on NPR.org by leaving comments, or signing up for newsletters. It also lays the groundwork for anything else we want to try in the future, like making playlists more portable or finding your social networking friends already registered on NPR.org. We evaluated our options, including building a system on our own from scratch, implementing a solution around a single provider such as Twitter or Facebook, or looking at more comprehensive solutions from outside vendors. We chose to go with a product called JanRain Engage.
This product allows us to link multiple third-party accounts with an existing NPR.org account allowing you to authenticate in either natively or with your outside identity. For new users, we use the third-party account to create an account in our database, and you can authenticate with your third-party identity.
We decided to go with this solution because we liked how light it was to implement, and how we were able to incorporate it without changing too much of our existing infrastructure. We did this in only two two-week Agile sprints, with a team of four, plus a product owner and Scrum Master. We wanted to implement this solution and get it out to the public as soon as we could in order to see how our users worked with it. This dovetails well with our internal goal to serve our public by being more agile with our development. Also, since we believe strongly in our public service mission, we wanted to be transparent about what data we receive from these third-party services, and for what we use it.
First, every login that comes via one of these third-party services creates an account on NPR.org. We did this in order to not have to change our existing database layout, and also allow us to store whatever we needed in our own databases. Our database is currently organized with two unique fields e-mail (which is a required field) and nickname (which is not). So if you sign up with a Facebook account, which passes an e-mail that is already verified and associated with an active NPR account, the accounts will be linked. In that case, the only new information that we are getting and storing from your Facebook account is the unique identifier that says this is your Facebook account.
Second, if you are signing in with a third-party service and the e-mail address we receive doesn't match an NPR.org account, we will create an account for you after you approve that we have your basic information right, including first and last name, e-mail address and preferred username. You approve that information and your account is created.
Finally, there are some third-party services - specifically Twitter, LinkedIn, and OpenID - which either pass an unverified e-mail or no e-mail at all. If you sign up with new account using one of these services, we do ask you to verify your e-mail address. If you already have an account on NPR.org, you willl be asked to log in to verify your e-mail address. This may be a little strange the first time you sign in with Twitter, LinkedIn or OpenID.
We discussed at length the amount of information we should be obtaining from these services, and the possibilities open to us by doing so. Ultimately we decided to ask for only that information we would use right now. We want to ensure it is correct by asking you to authorize sharing with the service, then confirm authorization and the information with us.
We also are discussing what we want to do for the future regarding registration and log in. We can integrate your log in with the sharing tools on NPR.org, streamline the steps needs to share our content on Facebook, Twitter and the like. We are looking at making your playlists more portable, first from computer to computer, and then from computer to our mobile applications and site. We're looking at fully implementing OpenID - something we've been talking about for a while - with our native registration system. We're talking about ways that we can personalize your NPR experience, or connect you with other NPR listeners using some of the extended profile data that you might want to share with us.
We have more ideas than what we have detailed here, and we know there are things that we have not even thought about yet. We do want to hear from you, though: what else should we be working on?