Other sites doing something badly does not mean it shouldn't be done.
You're making the generalization that this app will also do it wrong, and maybe that's likely, but I think it's too pessimistic.
If every single application everywhere rolls it's own auth every time, you're going to have 10 auths (which according to security advice should be seperate) to remember.
regardless of implementation the idea of unifying (or even semi-combining) login is not a bad/not worthwhile idea
If every single application everywhere rolls it's own auth every time, you're going to have 10 auths (which according to security advice should be seperate) to remember.
You're confusing with what is [perhaps] technically the most reasonable solution with what your potential users will be willing to do. That's a mistake.
isn't thinking about user convenience a good thing?
Can you elaborate? Are you saying that the most reasonable technical solution is what people should select, regardless of what the potential users are willing to do?
You're making the generalization that this app will also do it wrong, and maybe that's likely, but I think it's too pessimistic.
If every single application everywhere rolls it's own auth every time, you're going to have 10 auths (which according to security advice should be seperate) to remember.
regardless of implementation the idea of unifying (or even semi-combining) login is not a bad/not worthwhile idea