
Is there a Rails authentication library which separates users from login methods?

In my mental model of authentication, a user should be distinct from the way they log in. So for example, a User could have an associated EmailLogin (with an email/password), or they could have many (or none). Similarly they could have 0..* associated OpenIDLogin credentials.

Are there any existing authentication libraries for Rails which use this method?

Alternatively, is this a really terrible idea?


Instead of creating a User model where each User has only one pair of credentials to authenticate with, create User and Login models where each user has many Logins (and Login belongs_to User). So for example with authlogic you would define the models like this (or similar):

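# A user owns any number of login credentials.
class User < ActiveRecord::Base
  has_many :logins
end

# Each login is one way of authenticating as its user.
class Login < ActiveRecord::Base
  belongs_to :user
  acts_as_authentic # ... (authlogic options elided in the original)
end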


@Tomas has the right idea. I would put the password attribute in the User model, and put email, confirmation_code, and is_confirmed? in the Login model.

Then you could have forms to add Logins to users with unvalidated email addresses. To validate an email address, you either have to get it from an OpenID/OAuth/FBConnect provider, or you have to have a way to trigger a validation, which sends an email to the user with a confirmation code. The user has to go to that email client, retrieve the confirmation code, and enter it. If it matches, then the address is confirmed.

I stumbled across this method when using rpxnow.com for my authentication solution. You integrate once with rpxnow.com, and their login widget lets you integrate with Facebook, Google, Yahoo, Microsoft and OpenID. One datum it passes back after authentication is the verified email address.
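The Login confirmation flow described in the answers above, as an added example that is not part of the original posts: plain-Ruby stand-ins for User and Login (no Rails or authlogic). The method names `issue_confirmation_code`, `confirm`, `add_login` and `usable_login` are assumptions, and storing only a digest of the code, comparing in constant time and making the code single-use go beyond what the answers state.

```ruby
require "securerandom"
require "digest"

# Hypothetical stand-in for the Login model: one e-mail credential per object.
class Login
  attr_reader :user, :email

  def initialize(user, email, provider_verified: false)
    @user = user
    @email = email.strip.downcase
    @confirmed = provider_verified # address already verified by an OpenID/OAuth provider
    @code_digest = nil
  end

  def is_confirmed?; @confirmed; end

  # Returns the code to e-mail to the address; only its digest is stored.
  def issue_confirmation_code
    code = SecureRandom.hex(16)
    @code_digest = Digest::SHA256.hexdigest(code)
    code
  end

  # Single-use check; the digests are compared in constant time.
  def confirm(code)
    return false if @code_digest.nil?
    given = Digest::SHA256.hexdigest(code.to_s)
    diff = 0
    given.bytes.zip(@code_digest.bytes) { |a, b| diff |= a ^ b }
    return false unless diff.zero?
    @code_digest = nil
    @confirmed = true
  end
end

# Hypothetical stand-in for the User model: zero or more logins.
class User
  attr_reader :logins

  def initialize; @logins = []; end

  def add_login(email, provider_verified: false)
    Login.new(self, email, provider_verified: provider_verified).tap { |l| @logins << l }
  end

  # Only confirmed logins may be used to identify the user.
  def usable_login(email)
    @logins.find { |l| l.is_confirmed? && l.email == email.strip.downcase }
  end
end
```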
