  1. Best way to implement Single-Sign-On with all major providers?
    <p>I already did a lot of research on this topic and have implemented a lot of solutions myself.</p>
    <p>Including OpenID, Facebook Connect (using the old REST API and the new Graph OAuth 2.0 API), Sign in with Twitter (which has been upgraded to fully qualified OpenID by now as far as I know), and so on...</p>
    <p>But what I'm still missing is the perfect all in one solution.</p>
    <p>During my research I stumbled upon some interesting projects:</p>
    <ul>
    <li><a href="http://www.janrain.com/solutions" rel="nofollow noreferrer">Janrain (formerly RPX) - a commercial solution</a></li>
    <li><a href="http://www.gigya.com/" rel="nofollow noreferrer">Gigya - a free but externally hosted solution with JavaScript and REST APIs</a></li>
    <li><a href="http://www.anyopenid.com/" rel="nofollow noreferrer">AnyOpenID - a free solution for clients, commercial for websites</a></li>
    </ul>
    <p>But I don't want to rely on an external provider and I would like a free solution as well, so I am not limited in implementation.</p>
    <p>I have also seen developers implementing one service after another, dutifully following the provider's instructions and setting up models and database tables for everything.</p>
    <p>Of course this will work but it is a shitload of work and always needs development and changes in your application etc.</p>
    <p>What I am looking for is an <strong>abstraction layer</strong> that takes all the services out there to one standard that can be integrated in my website. Once a new service appears I only want to add one model that deals with the abstraction of that specific provider so I can seamlessly integrate it into my application.</p>
    <p>Or better, find an already existing solution that I can just download.</p>
    <p>Ideally this abstraction service would be hosted independently from my application so it can be used for several applications and be upgraded independently.</p>
    <p>The last of the 3 solutions above looks promising from the concept. Everything is just ported to a synthetic OpenID, and the website just has to implement OpenID.</p>
    <p>After a while I found <a href="http://uswaretech.com/blog/2009/08/django-socialauth-login-via-twitter-facebook-openid-yahoo-google/" rel="nofollow noreferrer">Django socialauth</a>, a Python based authentication system for the Django web framework. But it looks like it operates as described above and I think this is the same login system that Stack Overflow uses (or at least some modified fork...).</p>
    <p>I downloaded it and tried to set it up and to see whether it could be set up as a standalone solution but I had no luck, as I am not so into Python either.</p>
    <p>I would love a PHP based solution.</p>
    <p>So after this long text my question precisely is:</p>
    <ul>
    <li>How would you implement SSO, any better idea than porting everything and having OpenID as the basis?</li>
    <li>What are the pros and cons of that?</li>
    <li>Do you know any already existing solutions? Preferably open source.</li>
    </ul>
    <p>I hope this question is not too subjective, thanks in advance.</p>
    <p>Update: I concluded that building a proxy / wrapper or what you might call it for Facebook, to port it to an OpenID so it becomes an OpenID endpoint / provider would be the best option. So that is exactly what I did.</p>
    <p>Please see my answer below.</p>
    <p>I added the bounty to get feedback/discussion on it. Maybe my approach is not as good as I currently think it is!</p>
 
