Rohan kanade wrote: Mark, this will be my final question to you
That's OK, ask away! That's what I'm here for.
Rohan kanade wrote: what are the advantages and disadvantages of using various social platforms for user identification and authentication in my own web application?
A good question. One obvious advantage is that you don't need to handle storing usernames/passwords within your database/file store. For users they don't have to create another username/password combination that they have to remember to use your site! The added value of these social platforms is that they can also be used to share updates with friends as users can "re-create" their social graph (connections) on your own site. For example, users may already have an extensive friends list on Facebook which they can "port" to your site and find their Facebook friends who are also using your application. The main disadvantage is if a platform goes out of business! But also, more technically-focused, that you will have to keep up-to-date as platforms do tend to add/remove features almost weekly. As users have already created rich user profiles on other popular web sites you can then use this data to customise and personalise it to your users. For example, age-specific or country-specific sites.
Rohan kanade wrote: like if I completely rely on such platforms to perform user authentication for me, what am I gaining or losing here?
I would suggest coupling these authentication mechanisms with your own user identifiers if you can. As you say, you could lose out if a platform goes bust! However, you could always ask for a user's e-mail address and prompt them to re-register should that happen. Facebook does have a number of methods of alerting you should a user de-activate their account which will enable them to re-register on your site.
Rohan kanade wrote: and how safe are these platforms against XSS attacks against my web applications?
All of these platforms do provide robust methods which filter out such attacks. I would recommend also using a web application framework for additional security. In the book I use CodeIgniter but there are many others such as Django that can be used. The official libraries do do a lot of verification behind-the-scenes but I'd always recommend checking inputs/outputs for such exploits as you mention.
I hope that helps?
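The advice above about coupling platform logins with your own user identifiers, sketched as an added example that is not from the post or the book. It assumes the platform's official library has already verified the login and supplied a stable user id (`subject`) and an e-mail address; the table names, function names and provider strings are hypothetical.

```python
import sqlite3

SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE NOT NULL);
CREATE TABLE identities (
    provider TEXT NOT NULL, subject TEXT NOT NULL,
    user_id INTEGER NOT NULL REFERENCES users(id),
    active INTEGER NOT NULL DEFAULT 1,
    PRIMARY KEY (provider, subject));
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def login(db, provider, subject, email):
    """Map a provider-verified login to the site's own user id."""
    row = db.execute("SELECT user_id, active FROM identities "
                     "WHERE provider=? AND subject=?", (provider, subject)).fetchone()
    if row:
        if not row[1]:
            raise PermissionError("identity deactivated: prompt re-registration")
        return row[0]
    # Unknown identity. Do not attach it to an existing account just because
    # the e-mail matches: linking must start from a signed-in session (link()).
    if db.execute("SELECT 1 FROM users WHERE email=?", (email,)).fetchone():
        raise PermissionError("e-mail already registered: sign in, then link")
    user_id = db.execute("INSERT INTO users(email) VALUES (?)", (email,)).lastrowid
    link(db, user_id, provider, subject)
    return user_id

def link(db, user_id, provider, subject):
    """Attach one more platform identity to an already signed-in local user."""
    db.execute("INSERT INTO identities(provider, subject, user_id) VALUES (?,?,?)",
               (provider, subject, user_id))
    db.commit()

def deactivate(db, provider, subject):
    """Handle a platform's account-deactivation alert; return the contact e-mail."""
    row = db.execute("SELECT u.email FROM identities i JOIN users u ON u.id=i.user_id "
                     "WHERE i.provider=? AND i.subject=?", (provider, subject)).fetchone()
    db.execute("UPDATE identities SET active=0 WHERE provider=? AND subject=?",
               (provider, subject))
    db.commit()
    return row[0] if row else None
```

Because the local `users.id` is the key everything else in the application references, a platform disappearing or an account being deactivated only disables one row in `identities`, and the stored e-mail is what lets the site prompt the user to re-register.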