Skip to content

Instantly share code, notes, and snippets.

@exonomyapp

exonomyapp/Global South Auth Providers.md

Last active August 18, 2024 19:10
Show Gist options
  • Save exonomyapp/10494e58b174849ffab7b3bd6e86f956 to your computer and use it in GitHub Desktop.
Save exonomyapp/10494e58b174849ffab7b3bd6e86f956 to your computer and use it in GitHub Desktop.
Download ZIP
Authentication Providers Popular in the "Global South"
Raw
Global South Auth Providers.md

Here's a list of the top 10 most popular authentication providers from China, India, Southeast Asia, Russia, and Africa, excluding the original 10 providers. Each of these platforms is tailored to its region, with unique features and conditions that set them apart, including unique aspects of their authentication flows. These unique aspects highlight the different authentication needs and challenges developers face when working with providers in these regions, particularly in managing security, localization, and integration with regional services.

1. WeChat (China)

  • Platform: Super app used for messaging, social media, payments, and more.

  • Scopes: Provides access to user profile, contacts, payments, and social data.

  • User Base: Over 1 billion active users, making it the dominant platform in China.

  • Unique Aspects:

    • Super App Functionality: WeChat is more than just social media; it’s also used for payments, shopping, and even government services.
    • Mini Programs: Developers can create mini-programs (apps within WeChat), requiring specific authentication integration.
    • Government Integration: WeChat ID can be tied to official government IDs in China.

  • OAuth Flow: WeChat uses OAuth 2.0 for authentication. Developers must register their app within the WeChat Open Platform.

  • Scopes: The basic scope is snsapi_userinfo for user data access, but developers must handle the snsapi_base scope for silent authorization (no user consent screen).

  • UnionID: WeChat provides a UnionID for users, which is consistent across different apps under the same WeChat Open Platform account.

  • Language Support: WeChat’s API supports multiple languages but requires specific configuration for handling Chinese characters and localized data.

  • State Parameter: WeChat requires using the state parameter to maintain session integrity, but this is particularly sensitive in WeChat’s environment due to potential man-in-the-middle attacks.

2. QQ (China)

  • Platform: Social media, instant messaging, and gaming.

  • Scopes: Profile information, friends, and gaming data.

  • User Base: Hundreds of millions of users, popular among younger demographics.

  • Unique Aspects:

    • Gaming Integration: QQ is heavily integrated with gaming platforms, making it the go-to for gaming-related authentication.
    • Virtual Goods: Users can purchase and use virtual goods, integrated with their QQ accounts.

  • OAuth Flow: Like WeChat, QQ uses OAuth 2.0 for authentication.

  • Scopes: QQ offers different scopes for accessing profile information, including get_user_info for basic data.

  • User ID: QQ provides an OpenID, unique to each application, requiring developers to manage multiple OpenIDs for the same user across different apps.

  • PC vs. Mobile: QQ's authentication flow differs slightly between PC-based web applications and mobile applications, with different endpoints and user consent flows.

3. Alipay (China)

  • Platform: Payment platform used for online and offline transactions.

  • Scopes: User profile, transaction history, and payment details.

  • User Base: Over 1 billion users, especially for mobile payments.

  • Unique Aspects:

    • Financial Services: Alipay is deeply integrated with financial services, including loans, insurance, and investments.
    • Secure Payments: Authentication focuses on secure transactions, often requiring multi-factor authentication.

  • OAuth Flow: Alipay also uses OAuth 2.0 but with additional security layers for financial transactions.

  • Scopes: The primary scope is auth_user for accessing user identity information. Additional scopes include auth_base for silent authentication.

  • Token Exchange: Alipay requires specific handling of access tokens due to their focus on secure financial transactions. Developers often need to deal with refresh tokens more actively.

  • Redirect URIs: Alipay has strict requirements for redirect URIs, often requiring them to be pre-registered and validated.

  • Two-Factor Authentication: Often used in conjunction with other security measures, like SMS-based 2FA.

4. Zalo (Vietnam)

  • Platform: Messaging and social media.

  • Scopes: Profile information, contacts, and media sharing.

  • User Base: Most popular in Vietnam, with over 100 million users.

  • Unique Aspects:

    • Localized Content: Strong focus on local content, news, and government services.
    • Business Integration: Zalo is used for business communication and marketing in Vietnam, offering unique APIs for these purposes.

  • OAuth Flow: Zalo uses OAuth 2.0 for authentication, requiring apps to be registered within the Zalo Developers portal.

  • Scopes: Common scopes include access_profile for basic user information and access_friendlist for friend data.

  • User ID: Provides a unique Zalo ID that must be managed across different applications.

  • Localized Data: Zalo authentication often requires managing user data localized to Vietnamese language and formats.

5. Paytm (India)

  • Platform: Digital payments and financial services.

  • Scopes: User profile, payment history, and financial data.

  • User Base: Over 400 million users, primarily in India.

  • Unique Aspects:

    • Financial Ecosystem: Paytm integrates with banking, insurance, and investment services, providing a comprehensive financial platform.
    • Aadhaar Integration: Paytm often integrates with Aadhaar (India’s biometric ID system) for KYC and secure authentication.

  • OAuth Flow: Paytm uses a custom OAuth 2.0 flow integrated tightly with its payment gateway.

  • Scopes: Key scopes include paytm_profile and paytm_transaction for accessing user payment and transaction data.

  • Aadhaar Integration: Paytm can integrate with India’s Aadhaar system for authentication, particularly for KYC processes.

  • Mobile Number Authentication: Paytm often uses mobile numbers as a primary identifier, with OTP (One-Time Password) as a common authentication method.

  • Token Expiry: Tokens are often short-lived, requiring frequent refreshes especially for financial transactions.

6. Naver (South Korea)

  • Platform: Search engine, social media, and online services.

  • Scopes: User profile, email, and social data.

  • User Base: Dominant in South Korea, with millions of daily active users.

  • Unique Aspects:

    • Local Services: Strong integration with local services like maps, shopping, and news in South Korea.
    • Naver Pay: Offers Naver Pay integration for seamless online transactions.

  • OAuth Flow: Naver uses OAuth 2.0 for authentication, with a straightforward integration process for developers.

  • Scopes: Scopes include profile and email for accessing user data, with additional scopes for specific Naver services.

  • User ID: Naver provides a unique identifier (id) that is consistent across applications under the same developer account.

  • API Rate Limits: Naver has strict rate limits for its API, requiring careful management of API calls during the authentication process.

  • Localization: Authentication responses and data may need special handling for Korean language and formats.

7. Kakao (South Korea)

  • Platform: Messaging, social media, and payments.

  • Scopes: Profile information, messaging, and social interactions.

  • User Base: Over 50 million users, popular in South Korea.

  • Unique Aspects:

    • KakaoTalk: The most popular messaging app in South Korea, widely used for personal and business communication.
    • KakaoPay: Integrated payment service allowing seamless transactions within the Kakao ecosystem.

  • OAuth Flow: Kakao follows OAuth 2.0 standards, with additional security features for app registration and management.

  • Scopes: Basic scopes include profile, account_email, and friends, tailored to KakaoTalk’s social features.

  • Unique ID: Kakao provides a unique user ID (id), which is stable across all apps linked to the same developer account.

  • KakaoLink: Developers can use KakaoLink to integrate with KakaoTalk for sharing content, which also impacts the authentication flow.

  • Session Management: Kakao’s API often requires developers to actively manage user sessions, especially for mobile applications.

8. VK (VKontakte) (Russia)

  • Platform: Social networking and media sharing.

  • Scopes: Profile, friends, photos, and music.

  • User Base: Over 100 million users, mainly in Russia and surrounding countries.

  • Unique Aspects:

    • Content Sharing: VK is heavily used for sharing music, videos, and other media.
    • Integration with Russian Services: VK is often integrated with other Russian services, including government portals and e-commerce.

  • OAuth Flow: VK uses OAuth 2.0 for authentication, with a focus on integrating social media features.

  • Scopes: Common scopes include friends, photos, and email, depending on the required access.

  • User ID: VK provides a unique user_id that is consistent across all applications.

  • Captcha Handling: VK may require captcha handling during the authentication process, particularly in cases of suspicious login activity.

  • Localized Language Support: VK is heavily localized for Russian users, requiring proper handling of Cyrillic text in responses.

9. Yandex (Russia)

  • Platform: Search engine, email, and various online services.

  • Scopes: User profile, email, and browsing data.

  • User Base: Dominant in Russia, with millions of users across its services.

  • Unique Aspects:

    • Service Integration: Yandex integrates a wide range of services from search to taxis (Yandex.Taxi) and cloud storage (Yandex.Disk).
    • Localization: Strong focus on the Russian market with localized content and services.

  • OAuth Flow: Yandex uses OAuth 2.0, with a focus on integrating with Yandex's broad suite of services.

  • Scopes: Scopes include login:info and email, with additional scopes for specific Yandex services (e.g., Yandex.Money).

  • User Data: Yandex provides a unique id that must be managed across its various services.

  • Security: Yandex places a strong emphasis on securing authentication, often requiring additional validation steps for sensitive data.

  • Localization: Yandex authentication data is heavily localized, with responses often needing to be handled in Russian.

10. M-Pesa (Africa)

  • Platform: Mobile payment and financial services.

  • Scopes: User profile, transaction history, and financial data.

  • User Base: Over 50 million users, especially in East Africa (Kenya, Tanzania).

  • Unique Aspects:

    • Mobile-First: M-Pesa is designed for mobile-first markets with limited banking infrastructure.
    • Financial Inclusion: Provides financial services to the unbanked, including savings, loans, and insurance.
    • Integration with Local Economies: Deeply integrated with local businesses, from small vendors to large corporations.

  • OAuth Flow: M-Pesa uses a custom OAuth-like flow for authentication, primarily tied to mobile numbers and financial transactions.

  • Scopes: Scopes are related to user identification and transaction authorization, often tied to specific financial services.

  • Mobile Integration: Authentication is closely integrated with mobile numbers, often requiring OTPs sent via SMS.

  • Security: M-Pesa’s authentication flow is highly secure, often requiring multi-factor authentication and additional encryption measures.

  • Regional Variations: M-Pesa’s authentication flow can vary depending on the country, with different implementations in Kenya, Tanzania, etc.

Summary of Unique Aspects:

  • WeChat, QQ, Alipay (China): Focus on super app functionality, integrating everything from social media to payments, and even government services. Heavy integration with super apps and financial services, with specific requirements for secure authentication and managing user IDs across platforms.
  • Zalo (Vietnam): Localized content and services, with strong business integration in Vietnam. Localized authentication processes tailored to Vietnamese language and services, with unique IDs and social data access.
  • Paytm (India): Financial services ecosystem with Aadhaar integration, serving a massive user base in India. Custom OAuth flows with tight integration with mobile numbers and Aadhaar for KYC, focusing on financial transaction security.
  • Naver, Kakao (South Korea): Dominant in South Korea with a focus on localized services, social media, and payments. Focus on integrating social and payment features with stable user IDs and localized language handling.
  • VK, Yandex (Russia): Focus on local content and services, with strong ties to the Russian market. Strong localization with additional security features like captcha and consistent user IDs across services.
  • M-Pesa (Africa): Mobile-first financial services that provide banking for the unbanked, crucial in many African markets. Mobile-first authentication with a strong emphasis on secure transactions and regional adaptations across different countries.

These providers dominate in their respective regions and offer services tailored to the local needs and technological infrastructure, distinguishing them in some ways from the more globally-oriented Western providers.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment