OAuth/single sign on support
Mantas Zimnickas commented
With OAuth you have to support each authentication provider separatly, with OpenID, one implementation supports all priveders at once.
Personally, I use OpenID, and love sites, that supports it. Google/Facebook OAuth is miportand, but OpenID will not hurth also. I never use Facebook OAuth, because most sites abuse it for social marketing.
Here are some examples that support both:
Rasheed H. Ali commented
I am really insupport of this. I use Gmail and would love to use that login.
AdminKirill Maximov (Admin, Checkvist) commented
Vladimir, thanks a lot for your thoughts - very refreshing.
Would be glad to hear your comments regarding recent article from OAuth author, where he blames current OAuth2 specification:
As someone who was investigated/implemented community logins for a client, I have to say the following:
1. Community logins are in fact VERY useful to increase sign-up rate. 3x time for my client comparing to email/password
2. OpenID lost its traction due to (my opinion) incomplete functionality in the getting user information area (for instance, there are at least two extensions to get full name and email, and neither work reliably). Microsoft for instance dropped their OpenID service.
3. The winner is apparently OAuth. While in its default implementation it cannot provide user information, every provider offers a protected resource (URL) that gives the information to the caller. Downside is that every provider has a different URL and different format of user data on that URL, but it compensates by the sheer number of providers: Google, Live!, Yahoo!, Facebook, LinkedIn, ... first few probably cover some 99% of Internet users.
4. There is a concern that users would get confused what identity they had used with the service before. Practice shows that it is not a case: regular users have one primary account (e.g. Google or Facebook) and use it everywhere. Tech-savvy users who have multiple accounts do remember which one they use where (or re-login).
5. Another concern is the external provided availability. Well, the availability of Google or Facebook is at 5 9's, I believe. Would be hard to expect any influence to availability of Checkvist.
6. Re: external services such as RPXNow. Doesn't worth it anymore. OAuth libraries are plenty and matured. RPXNow provides some other services, such as "social analytic", but it may be of lesser value for Checkvist.
Yes, use http://rpxnow.com