The specification relates to online user login. In particular, the specification relates to enabling user login with an identity provider and, more specifically, to enabling on any website a unified user login that supports login through multiple known identity providers and, if necessary, the website's legacy login.
Many websites provide the capability for users to log in to view their personal information or other information that the user wants to keep private, or even to access the functionality provided by the website. Oftentimes, the user logs in by entering a user identifier (for example, an e-mail address) and a password in order to access the information and/or functionality. The website then compares the password entered at login with the correct password associated with that user identifier. This is not ideal because a user must either remember multiple passwords, which is inconvenient, or reuse the same password on multiple websites, which compromises the user's security on all of those websites if one website is compromised. Moreover, not all websites are created equal in terms of encryption and security. In response to such concerns, identity service providers (IDPs) have been created. Rather than the website itself authenticating the user's identity before granting access, the website (sometimes referred to herein as a “requesting party” or “RP”) requests that an IDP authenticate the user, and, if the user is authenticated by the IDP, the RP permits access (i.e., the user is granted access to the website).
However, a first problem is that current systems require a website administrator to perform significant coding, which may be difficult and time consuming, to support an IDP. A second problem is that the coding in the current systems may be unique to that IDP; therefore, new coding is required to support each additional IDP. A third problem is that the various IDPs do not produce the same cryptographic data responsive to authenticating a user, so a requesting party needs separate verification software for each IDP the requesting party wants to support. A fourth problem is that requesting parties often already have a significant number of user accounts protected by password (occasionally referred to as “legacy accounts”), and transitioning the legacy accounts to accounts accessed using an IDP (occasionally referred to as “federated accounts”) presents challenges.