2 comments

[ 1775 ms ] story [ 8075 ms ] thread
We're using OmniAuth and it works wonderfully. It beats dealing with JanRain/Gigya for a single signon solution.
So the library is aggregating all the different authentication methods by the different providers and providing a single interface. This is pretty cool and should save a lot of time.

I've been working in the authentication/authorization space for a quite a while and the decision to hand off authentication to third parties can be a difficult decision. For social media applications it is ideal. But not everyone makes social media apps. There are lots of enterprise apps with valuable data behind them that would do well in keeping authentication tightly behind their own doors and guarding it closely.

There are issues that multi-provider authentication hasn't even touched that I feel are important if it is to gain more traction. I disagree that the 'sign up using a login and password' model is becoming the exception. I think it is nice to offer it but sometimes I like to keep my logins in separate spheres.