I just emailed SimpleAuth support and got this reply back from Mike (which he agreed I could post here):
-----------------
"We completely understand the concerns. The founders (I'm one of them) are all developers and we built SimpleAuth because it's just what we needed as well. Every developer needs this at some point for most sites. I can't go much into the specifics just yet, but we've got some pretty neat stuff in the pipeline that will be the revenue driver, but the SSO/Sharing/Contacts will always be free in their full glory.

SimpleAuth also addresses a major issue with the largest commercial player in the market -- the fact that with other services, your provider API Keys are tied to their domain (YOURNAME.THEIRDOMAIN.COM). With SimpleAuth, you create a CNAME and all the API Keys from the providers are tied to your domain. Should the unthinkable happen, you won't be left out in the cold asking your users to re-register. We're like the SimpleGeo of SSO/sharing/contacts.

I'm aware that the answer is a bit vague, but that's all I can share at the moment about what's coming in the future. If you have questions during implementation, feel free to shoot us an email (our only support method at this time) and we'll be glad to help.

And, to alleviate the concerns about grabbing passwords, "villas" is absolutely correct - no password is ever entered by anyone on SimpleAuth (or sites that integrate SimpleAuth). Users are always redirected to the selected provider and everything from that point forward happens with the beautiful token dance.

If I'm not overextending my welcome... There's sample code on the site in PHP. If anyone from your community comes up with wrappers, sample code, etc. for web2py... though we can't "officially" support it, we'd be happy to set up a wiki or forum for that to be shared with future users, too."
-----------

All sounds pretty good to me!

On 27 April 2011 11:35, villas <villa...@gmail.com> wrote:
> Your password should only be entered into the authentication site,
> e.g. if you log in via Google you should only enter your password into
> a browser window which shows a Google url.
>
> On Apr 27, 9:57 am, stefaan <stefaan.hi...@gmail.com> wrote:
> > > I just came across this site: simpleauth.com, it's a Janrain
> > > alternative that allows for 3rd party authentication on websites, and
> > > the best part of it is that it's totally free.
> >
> > Maybe I'm just being paranoid, but how do we know it's not just
> > collecting people's passwords?
>