Logging in is optional for this site – you don’t see anything logging in that you don’t see otherwise. You only have to log in to leave comments.

Like most sites, you can create your own user name and password to leave a comment. You may also use “OpenID” – a standard way of logging in to many sites. Several sites, including Yahoo and WordPress, provide OpenIDs for their users.

I recently tried integrating RPX – this allegedly lets people log in using their IDs from most major web sites: Facebook, Yahoo, Google, and so on. I mostly wanted it for the Facebook login. But I couldn’t get Facebook to work. It sort of “logged you in” but it didn’t seem to really let you post comments. [see update below: this is an undocumented shortcoming of the "free" or "try before you buy" service]

It’s not surprising that this didn’t work. It requires perfect configuration in several sites: my blog, the RPX site, and Facebook, for starters. A slipup in any one of them brings it all crashing down. Even worse – to make Facebook work you have to implement a “custom application” on the Facebook end. Those are really nasty to configure.

For anyone who is familiar with RPX – one thing I found especially troubling was that I didn’t end up with new users in my database. If new users don’t appear in the database, then I can’t give them privileges. Thus, I can’t do my own login through RPX.

Update: Michael Olson of JanRain (the RPX folks) contacted me and pointed out my problem: Facebook authentication is only supported on the premium versions of RPX.

I just went back through the web site and found nothing to indicate that shortcoming. It may be a sensible business practice to charge extra for extra features, but I’d expect the site to note these differences. The site makes no distinction between the different ID providers in the feature descriptions.

In fact, it’s rather tricky to use Facebook login. You don’t simply use built-in API calls like you do with OpenID. You have to implement an application on the Facebook side. Then the RPX code negotiates with the site-specific Facebook application to authenticate the Facebook user. Also, the RPX step-by-step instructions appear to leave out an essential step – something about callbacks from Facebook. However, you can find the missing step through a careful study of their Help pages. I think I found it via Google.