Logging into multiple OpenIds

Posted 2019-09-09 11:39

Question:

I am designing an application that allows a user to register with an OpenId (e.g. Google), which will be the "primary" id used for logging in. The application will also allow the user to "link" other accounts (e.g. Facebook) to take advantage of extra features.

While I am pretty clear on the back-end design that will store the relationship between multiple accounts (usually just storing an extra userId-openId-openIdSource mapping), I am wondering how to automate the process of actual login. The sequence I am looking for:

  1. Login with "primary" account (e.g. Google).

  2. Auto-login the user into their "linked" accounts (e.g. Facebook) <--- how??

If the user does not have an open session with the 3rd party OpenId providers (e.g. Facebook), then my understanding is that she would have to log in to the "linked" accounts every time after completing step 1. Is there a way to automate that (short of saving their password)? Or is the manual login for step 2 expected and accepted?

Answer 1:

Yes, the user has to log in to all other "linked" accounts manually, and it is not a good idea to store their passwords; I guess no user would like it either.

But OAuth would do the trick for you. OAuth will allow you to redirect users to Facebook and get them logged in. And then Facebook will give you an access token which you can use to retrieve user info from Facebook, post on their wall etc.

So use OpenID to register users and then use OAuth to log in to "linked" accounts.
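
An added example, not part of the original question or answer: a sketch of the linking step described above, where the OAuth `state` value is bound to the session of the user who is already logged in with the primary account, so a callback cannot attach a provider account to someone else's session, and the userId-openId-openIdSource mapping refuses to link one external account to two local users. The endpoint URL, table layout and function names are assumptions; exchanging the returned code for a token is left to your OAuth client library.

```python
import hashlib, hmac, secrets, sqlite3, time
from urllib.parse import urlencode

SERVER_KEY = secrets.token_bytes(32)  # per-deployment secret (constructed here)
AUTHZ_ENDPOINT = "https://provider.example/oauth/authorize"  # placeholder URL
STATE_TTL = 600  # seconds a pending link request stays valid

def _sign(msg: str) -> bytes:
    return hmac.new(SERVER_KEY, msg.encode(), hashlib.sha256).hexdigest().encode()

def begin_link(session_id, user_id, provider, client_id, redirect_uri, now=None):
    """Build the redirect URL; state binds the request to this session and user."""
    issued = int(now if now is not None else time.time())
    payload = f"{user_id}.{provider}.{issued}.{secrets.token_hex(8)}"
    state = f"{payload}.{_sign(session_id + '|' + payload).decode()}"
    query = urlencode({"response_type": "code", "client_id": client_id,
                       "redirect_uri": redirect_uri, "state": state})
    return f"{AUTHZ_ENDPOINT}?{query}", state

def verify_state(session_id, state, now=None):
    """Return (user_id, provider) if state was issued to this session, else raise."""
    payload, _, sig = state.rpartition(".")
    # Constant-time comparison on bytes, so odd input cannot raise TypeError.
    if not hmac.compare_digest(sig.encode(), _sign(session_id + "|" + payload)):
        raise ValueError("state not issued to this session")
    user_id, provider, issued, _nonce = payload.split(".")
    if int(now if now is not None else time.time()) - int(issued) > STATE_TTL:
        raise ValueError("state expired")
    return int(user_id), provider

def open_db():
    """In-memory stand-in for the application's account-link table."""
    db = sqlite3.connect(":memory:")
    db.execute("""CREATE TABLE linked_account (
        user_id INTEGER NOT NULL, provider TEXT NOT NULL,
        subject TEXT NOT NULL, access_token TEXT NOT NULL,
        PRIMARY KEY (provider, subject),   -- one external account, one local user
        UNIQUE (user_id, provider))""")
    return db

def store_link(db, user_id, provider, subject, access_token):
    """Record the link once the code has been exchanged for a token.
    Raises sqlite3.IntegrityError if the provider account is already linked."""
    with db:  # commits on success, rolls back on error
        db.execute("INSERT INTO linked_account VALUES (?, ?, ?, ?)",
                   (user_id, provider, subject, access_token))
```

The token is stored here as plain text to keep the example short; a real deployment would encrypt it at rest and store only what the linked features need.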



Tags: openid