privacy for social media login

Q: I see social wifi (eg. facebook login) captures user details and stores in mbox RADIUS database? there's a password field in the captured user record, is this user's facebook login password? How to protect user privacy?

R: mbox HSG uses facebook (or other social media login methods) open API to authenticate with the respective social media provider. when user is prompted to login with their social media account for Wi-Fi access (eg. facebook account), they are redirected to the respective provider login page, and whatever information (username & password) entered is within the provider page and remains transparent to mbox HSG.

After user submits their social medial credentials, the provider will inform HSG to permit or deny access. For example, in the case of facebook login, If user is a valid facebook user and enters the correct account info for facebook authentication, facebook will inform HSG to permit access, else deny access. Upon successful authentication, mbox HSG will use the same API session to pull users public profile, and store users login ID together with public profile info inside HSG RADIUS database. Note that these are public profile info that users have configured in facebook privacy setting to allow public viewing.

There's no way for mbox to access to user private info, neither can it get access to user's social media password. The "password" show in HSG RADIUS password field against each user id is a dummy password. It's not user's actual social medial login password.