Hi
Usually people ask for 'best library', but I assume OpenID authentication is only a couple of requests in/out...? And I'm on GAE where more JARs means slower cold-start. For example openid4java-0.9.5.jar has 190kB. That seems like an insanely high cost for some URL reading and text parsing.
Am I missing something? Is it more complicated then what is needed when requesting access_token and user info from Facebook?
Is there some well explained howto? (This looks good but seems to be useful only for Google Accounts.)
Or is the authentication that complicated (or identity providers that non-compatible) that I should just accept +190kB and add them to my JARs? (Or maybe wait with OpenID for now.)