There are multiple ways to log in with web2py and one of them, which
you point out, is OpenID.
The problem is that setting these things up is usually more complex
than it needs to be.
RPX allows developers to outsource this problem, configure multiple
login methods in one place, and keep statistics about logged-in users.

Personally I am not too fond of OpenID. It delegates authentication to
a server trusted by the party who seeks to be authenticated (the
visitor) as opposed to the party requiring authentication (the
server). I can think of many vulnerabilities of such a system that
involve setting up a temp OpenID provider on a third-party compromised
machine. I trust the Google login and the Facebook login much better
because there is a guarantee that they have verified the email of the
visitor.

Massimo

On Jul 21, 11:47 am, Yarin <ykess...@gmail.com> wrote:
> Massimo, can you explain why you are using RPX/Janrain vs a straight-
> up OpenID implementation?  It seems Janrain provides the same set of
> features OpenID was meant to provide?  How do the two relate?
>
> I was playing around with w2p-openID
> (http://w2popenid.appspot.com/init/default/wiki/main) - Should I
> abandon this and just concentrate on Janrain?
>
> Just trying to understand best practices for web2py auth.  Thanks.
>
> On Jul 15, 5:23 am, mdipierro <mdipie...@cs.depaul.edu> wrote:
>
> > I am thinking about including RPXAuth into gluon/tools.
> > MrFreeze, what do you think?
>
> > Anybody using this already?
> > Has anybody tried it on GAE?
>
> > Massimo
