The rise and fall of OpenID

Among the first successful attempts to implement a third-party authentication mechanism was the first release of OpenID, an open and decentralized authentication protocol promoted by the non-profit OpenID Foundation. Available since 2005, it was quickly and enthusiastically adopted by some big players such as Google and StackOverflow, who originally based their authentication providers upon it.

Here's how it works in a few words:

  • Whenever our application receives an OpenID authentication request, it opens a transparent connection interface between the requesting user and a trusted, third-party authentication provider (for example, the Google Identity Provider); the interface can be a popup, an AJAX-populated modal window, or an API call, depending on the implementation
  • The user sends his username and password to the aforementioned third-party provider, who performs the authentication accordingly and communicates the result to our application by redirecting the user to where he came from, along with a security token that can be used to retrieve the authentication result
  • Our application consumes the token to check the authentication result, authenticating the user in case of success or sending an error response in case of failure
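The three steps above, modelled as a runnable exchange between both sides. This is an added example, not code from the book or from any OpenID implementation: the parameter names (`mode`, `identity`, `return_to`, `nonce`, `issued`, `sig`), the pre-shared HMAC secret standing in for the provider/application association, and the sample user table are all constructed assumptions, and the message format is a simplification rather than the OpenID wire format. What it adds to the prose is the checks the consuming side needs before trusting the returned token: a valid signature, a `return_to` that matches our own callback, a single-use nonce (so a captured redirect cannot be replayed), and a freshness window.

```python
"""Simplified model of the three-step OpenID-style flow described above.

Constructed example: parameter names, the shared HMAC secret (standing in for
the provider/application association) and the user table are assumptions for
illustration, not the real OpenID wire format.
"""
import hmac
import hashlib
import secrets
import time
from urllib.parse import urlencode, parse_qs, urlparse

ASSOCIATION_SECRET = b"constructed-shared-secret"  # assumed pre-shared key


def _sign(params: dict) -> str:
    """HMAC-SHA256 over the canonical, sorted key=value list of the fields."""
    signed = ",".join(f"{k}={params[k]}" for k in sorted(params))
    return hmac.new(ASSOCIATION_SECRET, signed.encode(), hashlib.sha256).hexdigest()


class IdentityProvider:
    """Step 2: the third-party provider checks credentials and redirects back."""

    def __init__(self, users: dict):
        self._users = users  # constructed username -> password table

    def authenticate(self, username, password, return_to, nonce):
        if self._users.get(username) != password:
            # Failure is reported back unsigned; the application must not trust it as success
            return return_to + "?" + urlencode({"mode": "cancel", "nonce": nonce})
        claims = {
            "mode": "id_res",
            "identity": username,
            "return_to": return_to,
            "nonce": nonce,
            "issued": str(int(time.time())),
        }
        claims["sig"] = _sign(claims)  # token the application will consume
        return return_to + "?" + urlencode(claims)


class RelyingParty:
    """Steps 1 and 3: our application starts the request and consumes the token."""

    MAX_AGE = 300  # seconds an assertion stays acceptable

    def __init__(self, return_to):
        self.return_to = return_to
        self._pending = set()  # nonces we issued and have not yet seen back
        self._used = set()     # nonces already consumed (replay protection)

    def start_login(self):
        nonce = secrets.token_urlsafe(16)
        self._pending.add(nonce)
        return nonce

    def consume(self, redirect_url):
        params = {k: v[0] for k, v in parse_qs(urlparse(redirect_url).query).items()}
        nonce = params.get("nonce")
        if nonce not in self._pending or nonce in self._used:
            return ("error", "unknown or replayed nonce")
        self._pending.discard(nonce)
        self._used.add(nonce)  # every nonce is accepted exactly once
        if params.get("mode") != "id_res":
            return ("error", "authentication failed at provider")
        sig = params.pop("sig", "")
        if not hmac.compare_digest(sig, _sign(params)):
            return ("error", "bad signature")
        if params["return_to"] != self.return_to:
            return ("error", "return_to mismatch")
        if time.time() - int(params["issued"]) > self.MAX_AGE:
            return ("error", "assertion expired")
        return ("ok", params["identity"])


def run_flow(username, password):
    """Full round trip, then a replay of the same redirect; returns both outcomes."""
    provider = IdentityProvider({"alice": "correct horse"})  # constructed user
    rp = RelyingParty("https://app.example/openid/return")
    nonce = rp.start_login()
    redirect = provider.authenticate(username, password, rp.return_to, nonce)
    return rp.consume(redirect), rp.consume(redirect)


def tampered_flow():
    """A redirect whose identity field was altered in transit must be rejected."""
    provider = IdentityProvider({"alice": "correct horse"})
    rp = RelyingParty("https://app.example/openid/return")
    nonce = rp.start_login()
    redirect = provider.authenticate("alice", "correct horse", rp.return_to, nonce)
    return rp.consume(redirect.replace("identity=alice", "identity=mallory"))


if __name__ == "__main__":
    print(run_flow("alice", "correct horse"))
    print(run_flow("alice", "wrong password"))
    print(tampered_flow())
```

The order of checks matters: the nonce is consumed before anything else so that a captured redirect is worthless a second time, and the signature is verified before any claim in the token (including `return_to`) is read as trustworthy.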

Despite the great enthusiasm between 2005 and 2009, with a good number of relevant companies publicly declaring their support for OpenID and even joining the foundation--including PayPal and Facebook--the original protocol didn't live up to expectations: legal controversies, security issues and, most importantly, the massive popularity surge of the social networks with their improper--yet working--OAuth-based social logins in the 2009-2012 period basically killed it.

Those who don't know what OAuth is should have some patience; we'll get there soon enough.