Is api user authentication with oauth possible for both email/pw and 3rd party services

You could build your own oauth provider to wrap the 'email/password'. You'd need to understand oauth, but it's not actually that hard to do.

In that case, you would have one service running somewhere on your network, even same host, as the oauth provider, and then your site. Your own oauth provider would act just like facbook, twitter, etc.

It's not clear that this would be ultimately easier / better than supporting oauth + 'local/classic authentication' but it's certainly possible.

A lot of times, you can get away with just oauth to facebook, etc. If you're already using oauth anyway, then the key question is most likely whether more or less all your users already have a Facebook/Twitter/etc. account and if there's any reason they'd like to hide that fact from you or not. If you expect everyone to have an account with a 3rd party on the list and not be secretive about it, then you can often drop local authentication altogether.

• So, does he have to use oAuth by itself? Can he implement both it AND a standalone authentication?

  DougM

  – DougM

  01/15/2014 03:54:05

  Commented Jan 15, 2014 at 3:54
• There's no fundamental incompatibility between oauth and standalone authentication. Two authentication mechanisms is more code to understand, write, test, and support. For a seasoned developer, incorporating both in an app correctly would be relatively straightforward. It's something a new developer could probably get through. But at any level, the simplest thing that works is best.

  zanerock

  – zanerock

  01/15/2014 04:45:45

  Commented Jan 15, 2014 at 4:45
• Thanks for the reply, I think I will pursue this in the future but just do my own auth for now.

  cbron

  – cbron

  01/15/2014 21:51:49

  Commented Jan 15, 2014 at 21:51

• api
• ruby-on-rails
• oauth