Social Registration with vKontakte
This article talks about the customizations and configuration necessary to enable social-registration with vKontakte, and further a quick demo of the end-user experience. This is not part of the product yet, and I built it using a clone of the OpenIDM trunk. From a vKontakte API instance standpoint, you do need to create a client instance and VK will provide a client secret to you. The scopes available are sending notifications, access to friends, access to photos, access to audio files, access to videos, access to documents, access to proposals, access to questions, access to wiki pages, status updates, access to notes, access to wall, access to groups, access to replies, stats access, access to products. The only scopes needed for this demo are email, but I included status and notes as well.
Add the vKontakte configuration to identityProviders.json using the configuration example for Google in the same file.
Next, turn on the vKontakte provider in the Social ID Providers menu:
Enable user registration, and any custom Terms and Conditions needed for social registration.
At this point you will have the basic plumbing in place to support users registering their accounts via vKontakte. However, since vKontakte will not provide a username in the format you prefer, I strongly recommend modifying the Social Registration Properties transform scripts to accommodate or pre-fill any attributes you want. For example, I remove all spaces from the full name returned by vKontakte to create a username:
One could also write a transform script to verify the email address for example.
End User Experience
The following is the flow for social-registration with vKontakte.
The user clicks on the register link after navigating to http://domain-registered-with-vKontakte/#login.
The user is then presented with the previously configured (by the admin) Terms & Conditions screen:
After accepting the T&Cs, the user is taken to the Registration page:
Upon clicking the “Register with vKontakte” link, the user is taken to the vKontakte site and presented a login page as follows:
After logging on, the user must consent to grant access as follows:
Allowing the access takes the user immediately to the following page that shows the user data made available by vKontakte:
vKontakte did not provide me the email address from the userinfo endpoint, but it was provided as per the requested scope along with the access_token. Some logic in the OAuth HTTP client takes care of pulling the email from the json response and adding it to the getProfiles json response for OpenIDM to process.
Save the profile and a confirmation appears stating I registered successfully unless you have a KBA stage configured as well:
This completes the social-registration portion. The next step is to be able to login from vKontakte into OpenAM and achieve seamless sign on to OpenIDM.