We are using OAuth for Facebook and Google for our current app. If we add anymore providers, there is a large chance that they will be using OAuth. OAuth has almost become the standard for remote authentication.

OAuth is great in that the user has control over their own permissions, and we do not have to store a password for them. Our application's flow is first, the user decides which service to authenticate with. We then ask for a URL from the provider that we can redirect the user to. This URL will let the provider know which application is asking for permissions. This will involve our application ID, referring domain, and application secret. Once the user logs in and approves our application, the provider will create a redirect back to our servers. We then get a code that we can exchange for a token. That token uniquely identifies our application's access to that specific user. No passwords are exchanged, and the user can later change the access.