Home/ Questions/Q 733647
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-14T07:16:47+00:00

I wish there was a central, fully customizable, open source, universal login system that

  • 0

I wish there was a central, fully customizable, open source, universal login system that allowed you to login and manage all of your online accounts (maybe there is?)…

I just found RPXNow today after starting to build a Sinatra app to login to Google, Facebook, Twitter, Amazon, OpenID, and EventBrite, and it looks like it might save some time.

But I keep wondering, not being an authentication guru, why couldn’t I just have a sleek login page saying “Enter username and password, and check your login service”, and then in the background either scrape the login page from say EventBrite and programmatically submit the form with Mechanize, or use an API if there was one? It would be so much cleaner and such a better user experience if they didn’t have to go through popups and redirects and they could use any previously existing accounts.

My question is:

  • What are the reasons why I shouldn’t do something like that?

I don’t know much about the serious details of cookies/sessions/security, so if you could be descriptive or point me to some helpful links that would be awesome. Thanks!

Edit:

I’m familiar with OpenID and the APIs. I was really wondering about the security/legal/confidentiality side of things. I understand the confidentiality part totally, don’t know if there’s anything legally written down about this, but assuming it’s under ssl, and I don’t store any of the data (will store the cookies and tokens), what are the security implications?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    If I come to your website and give you my gmail password, what guarantee do I have that you won’t read all my emails and even send a few of your own? And what if you become a little smarter and say ‘people reuse passwords, I might just as well try if this password works for his bank account’.

    As a user, I don’t trust your site with my password. Period.

    The whole point of Open Id and OAuth (that’s what RPX uses) is to get around the above issue. I can give your website restricted, revocable and configurable access to my facebook account, all without giving your website my facebook password.

    The UI is confusing, I agree. But with time people will understand what its all about, and it will be a lot better.

    • 0