What we really need is federated authentication, but that ... • Aaron Parecki

coolaj86 https://github.com/coolaj86 • Apr 23

#3837 Simpler UX for OAuth2 login with GitHub

What we really need is federated authentication, but that doesn't exist yet.

This sounds like a great use case for IndieAuth. w3.org/TR/indieauth

IndieAuth is an OAuth 2.0 extension, which avoids the centralized problems with existing OAuth solutions by using DNS for "registration" of client IDs and user IDs. Every user account is identified by a URL (for Gitea this could be your Gitea user page), and client IDs are also URLs (would be the Gitea instance home page in this case.)

To log in to your Gitea instance, I would enter my own Gitea profile URL. Your instance would then do discovery on my URL to find where to send me to authorize the login on my own OAuth server (my Gitea server), which would then send me back to your Gitea where it would be able to verify the authorization code against my Gitea instance.

I'd be happy to walk through this in more detail if you're interested!

Portland, Oregon, USA • 53°F

Mon, Jun 4, 2018 6:43am -07:00 #indieauth

1 reply
Have you written a response to this? Let me know the URL:
- Tantek Çelik tantek.com
  
  I think IndieAuth makes a lot of sense as the way to implement a federated login protocol to provide a "simpler UX for OAuth2" login for Gitea as this issue is named.
  
  It would also be possible to provide support for the "with GitHub" portion (as originally noted in the issue) without having to ask / wait for GitHub to implement IndieAuth, by adding https://indieweb.org/RelMeAuth support.
  
  https://indielogin.com/ is an example of an open source service that supports both of those, IndieAuth as github.com/aaronpk suggested and RelMeAuth, and is in daily use by folks signing-into the IndieWeb.org site.
  
  Mon, Jun 4, 2018 2:55pm -07:00

Posted in /replies using quill.p3k.io

Aaron Parecki

#3837 Simpler UX for OAuth2 login with GitHub