One aspect of my previous projects which I liked was that you could log in using existing accounts on Google, Facebook, and others. It is convenient for the user and it saves me from managing credentials. Sounds like a win-win to me. The only downside is that people can get confused which account they logged in with before. I think the upside outweighs the confusion issue though. I want the barrier of entry to be as low as possible.
Sites with Benefits leveraged Janrain for authentication. I'm going to go a different route with Project Venice, Passport. This solution was built for Node.js and supports a large number of authentication providers including Twitch and Steam. To start with I am just going to use Google. Well, that was the plan at least. Instead, I was greeted with: OpenID auth request contains an unregistered domain. It seems Google has depreciated the OpenID method of authenticating for new sites.
The 'proper' way to do this now is with Google+. Luckily, there is a Passport Strategy for this as well, so it is easy to plugin. On the Google side, this post explains how to get started.
Initially, I tried to create OAuth2 tokens using my hosts IP address. Google did not like that for the redirect URI, as it wanted a hostname. I don't want to buy one quite yet, so I went to http://www.duckdns.org and created one. Google is now happy with that.
With Google+ authentication working, I went ahead and hooked up MongoDB so I can actually create a user. I don't really want to use any of the name information I get from Google, so players will have to create a username when they log in. That means I will also have to develop a filter to prevent obscene names.
You can log in an try it out :) Let me know if it works or not. You won't receive any spam as the database won't last long.