Or you could use a decent open source identity and access management system, like OpenAM? Writing your own security code seems to me like a very dubious practice, and is surely not core to your business?
I strongly agree! The standard is pretty complex and implementing it without vulnerabilities is nothing you do just btw.