[OpenID] Autologin?

[Mark Wyszomierski]

Hi,
I'm trying to integrate OpenID into my webapp, but it's working a little
differently than I expected.

1) When a new user comes to my site, I have to authenticate them - this
means they need to either get redirected to their provider, or the provider
needs to have a popup window capability for authentication while still at my
site. The redirect is a little jarring, the popup is better, but does anyone
find that some users are confused by it/think it's a phishing deal?

2) After authentication is complete, I can write my own session cookie so
that if the user revisits my site, I can try to automatically log them back
in to my app without re-authenticating through openid. I heard about this
Facebook/Google deal where if you're logged into gmail, somehow you're
already authenticated for Facebook. If this is true, how would this work?
When I first started looking at OpenID, I was hoping the same could work for
my webapp. Since most users are logged into gmail anyway, when they visit my
site, I could see them as already authenticated with Google and skip step
#1? This would be similar to an auto-login.

Thanks for any info
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090622/0849ec8e/attachment.htm>