

Pinterest uses the Sign in with Google button across its mobile and web platforms and has subsequently also implemented Google One Tap on Android, Web, and Mobile Web. Specifically, Pinterest migrated from the previous solution to the new suite of products called Google Identity Services, which includes the new One Tap module, because it enables Pinterest users to access their accounts and saved content with a single click, instead of being sent through a multi-step sign-in process.

One Tap reduces the friction of users having to remember and type in usernames and passwords, while also addressing users failing to remember their original sign-in method, which leads to duplicate account creation. This is a particularly frustrating user experience, requiring users to retrace their original login mechanism and saved content.

Given its ease of use, across all platforms, Pinterest users creating new accounts are 2x more likely to use One Tap compared to other multi-step options. Implementing Google Identity Services was straightforward, with One Tap taking a couple of weeks to implement from start to finish.

At the core of both features is Session Manager, which is responsible for storing and validating user sessions. It's a Java service accessed by the API through a Thrift interface to validate the session of every request (150k+ per second). Session Manager has always had the ability to revoke sessions, but this is the first case where we allow Pinners to use it. The new functionality of retrieving and revoking active sessions was added via API calls which connect directly to Session Manager's endpoints.

Email notification

At every login (a few million per day), the API dispatches an async job to our PinLater service (which is open sourced). On execution, the job retrieves a list of all sessions and evaluates if the login event is from a new device or IP address. If so, the job sends an email to the owner of the account.

With the email notification on new login and the ability to view and revoke active sessions, security makes its first appearance in the Pinterest app and we couldn't be more excited. Stay tuned for more updates from our team and Pinterest Engineering!

Did you have a direct experience, on Pinterest or elsewhere, with revoking unknown or undesired sessions? If so, we'd like to hear from you. Let us know in the comments below, or find us on Twitter.

Acknowledgements: These features were a cross-team effort. Many thanks to Ali Altaf, Jean Aurambault, Steve Cohen, John Egan, Kevin Grandon, Devin Lundberg, Vamsi Ponnekanti, Ryan Reid, and the Web & API teams for all the help and guidance.
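The new-device-or-IP check that the email notification job performs on each login, sketched as an added example; it is not Pinterest's code. The `Session` fields, the `device_id` identifier, the IP normalization and the choice to send no email for an account's very first session are assumptions; the page only says the job compares the login against the account's sessions by device and IP address.

```python
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Iterable, Optional


@dataclass(frozen=True)
class Session:  # hypothetical shape of a Session Manager record
    session_id: str
    device_id: str
    ip: str


def _norm_ip(raw: str) -> str:
    """Canonical text form, so equivalent spellings of one address compare equal."""
    addr = ip_address(raw.strip())
    # IPv4-mapped IPv6 (::ffff:a.b.c.d) is the same client as plain a.b.c.d.
    mapped = getattr(addr, "ipv4_mapped", None)
    return str(mapped or addr)


def new_login_reason(login: Session, sessions: Iterable[Session]) -> Optional[str]:
    """Return why this login warrants an email, or None if it looks familiar."""
    # The session created by this login is already in the list; comparing
    # against it would make every login look like a known device and IP.
    prior = [s for s in sessions if s.session_id != login.session_id]
    if not prior:
        return None  # assumption: the first session is sign-up, nothing to compare
    new_device = login.device_id not in {s.device_id for s in prior}
    new_ip = _norm_ip(login.ip) not in {_norm_ip(s.ip) for s in prior}
    if new_device and new_ip:
        return "new device and IP address"
    if new_device:
        return "new device"
    if new_ip:
        return "new IP address"
    return None


if __name__ == "__main__":
    # Constructed sample data (documentation address ranges), not real sessions.
    existing = [Session("s1", "dev-a", "192.0.2.10"),
                Session("s2", "dev-b", "2001:db8::1")]
    login = Session("s3", "dev-c", "192.0.2.10")
    reason = new_login_reason(login, existing + [login])
    print(f"notify owner: {reason}" if reason else "no email")
```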
