OpenId, face book connect login with RPX API

gottimukkala

Hi I am trying to implement OpenId and facebook connect login for our site. I found there RPX API which supports login from variuos providers. I found only uservoice.com which implemented with RPX API, my question is whether do we get password to store in our database for next time login if the user wants to use our site login form. Any ideas please!!!!!!!!

-- http://ashakthi.blogspot.com http://kids-articles.blogspot.com

molson1

Hello, Good question. With RPX, relying party sites that have enabled third party logins do not store a user password. The user is redirected back to his/her preferred identity provider's site to authenticate, and while a rich set of profile data can be passed back to a relying party site with that user's consent, the password stays with the provider. This enhances the overall security of OpenID as a technology and as a standard, since a user's password must no longer be exposed out in the wild on sites with potentially unencrypted user databases. For return logins, RPX stores a cookie to remember a user's preferred provider, and displays that provider's button as the primary option to sign-in. This makes the return visit sign-in process as easy as a single click. For more information on RPX, you can check out our technical documentation at http://rpxnow.com/docs, visit our developer wiki at http://rpxwiki.com or email us at supportATrpxnowDOTcom. One more thing - a relying party site also has the option of prompting users to create a username/password when signing-in with a third party account for the first time, as a backup if necessary.

modified on Wednesday, May 27, 2009 12:12 AM