IBM Bluemix has a new service that allows developers to add third-party security authentication into their apps. The service is called Bluemix App ID and allows users to login with social media credentials from Google and Facebook. There are no details on when Twitter or other social media authentication will be added.
There are several benefits to this approach. Users no longer have to create a separate ID and password to use an app. Without the need for a separate ID there is less risk of password reuse by users. However, it does mean that a user becomes more vulnerable if their social media account is hacked or taken over.
App ID makes customising the User Experience easy
For developers the gain is speed in adding authentication and ease of adoption by users. IBM is also offering developers other capabilities. App ID allows developers to store additional information about users. This is designed to allow them to offer customised experiences for users. It does this by allowing preferences to be stored along with other data such as how often a user access the app. This latter option could be used to offer new features based on app loyalty from a user.
What is interesting is that IBM is saying that the service supports engagement and data tracking for all users. That means both authenticated and anonymous users. When a user changes their status from anonymous to authenticated their data is carried across. This means that a user could experiment with an app and not lose their user experience setting when they link it to their social media.
How much does it cost?
IBM has created a graduated charging mechanism for the service. It charges for both authentication events and for authorised users. The first 1,000 of each are free until April 30th 2017. This allows developers to experiment with the service. After that the charges begin to be applied.
The first tier of pricing is for 1-10,000, for both events and users. For authentication events the initial cost is 0.4 cents and for authorised users it is 0.22 cents. The more events and users the lower the charge. An app with 50,000,000+ authentication events sees the charge drops to just 0.077 cents per event. For the same number of users it is 0.1 cents per user.
Conclusion
Making it easier to add user authentication from social media is a smart move. Many consumer and even business apps provide this data. What is not clear is whether the developer gets any data from the social media service, other than notification of an authenticated user. This will be important for developers. If they can also get basic information about the user from social media they can add additional personalisation.
Surprisingly the first version omits support for LinkedIn and Twitter. There is also no indication in the press release when these or other social media IDs will be added. It may be that IBM is still cutting a deal with those services.
