"The problem of general OIDC identity provider support in clients" https://utcc.utoronto.ca/~cks/space/blog/tech/OIDCGeneralOPSupportProblem by @cks
#openid #openid_connect #oauth2
Cloudflare open-sources OPKSSH, bringing single sign-on to SSH with OpenID Connect and eliminating the need to manage long-lived SSH keys.
https://linuxiac.com/cloudflare-open-sources-opkssh/
Mixing up Public and Private Keys in OpenID Connect deployments - Hanno's Blog:
Thank you @jwildeboer for my next rabbit hole!
Lets take a look on @forgejo ...
oh - it also support #openid ...
uh - #Keycloak would be nice to do the job ...
ah - I could change my login on my #nextcloud ...
hm - my #matrix server also should support this ...
Trying to figure out how to use #OAuth and #OpenID in #OrchardCore to provide user authentication for an #Angular app (as opposed to just authenticating the whole app) but for some reason I'm finding the whole topic infuriatingly confusing.
Ich präsentiere euch den großen selfhosted Open ID Provider-Test
https://knuspermagier.de/posts/2025/der-gro-en-openid-provider-test
(Testmethode: Jede Software wurde mindestens für 2-3 Minuten angeguckt und versucht zum Laufen zu kriegen)
Ich... wollte mal Outline in der Selfhosted-Variante installieren, dafür brauche ich aber einen OpenID-Provider.
Also probierte ich verschiedene aus und es ist alles ein riesiger Enterprise-Mist. Authentik hat zwar ein relativ simples Docker-Setup, braucht aber 3 Stunden zum Hochfahren und hat dabei meinen Docker-Host fast gekillt? Hä.
Werde jetzt noch... Keycloak ausprobieren.
@rmondello Yes please. I’m especially interested in your take on #OpenID Connect’s failure to gain significant traction as a solution.
@ptoomey3 @ultranurd All the while ignoring that #OpenID Connect solved this problem already and is now a set of ISO/IEC standards: https://self-issued.info/?p=2573
i spent way to much time debugging the usage of #GoogleCloud SDKs in #flyio through #WorkloadIdentity.
ended up creating a little binary in #Go that can act as a proxy: https://www.frytg.digital/blog/2024-11-20-flyio-openid-token/ - maybe it helps someone
WTF "OpenID Connect specifications published as ISO standards"
Can we officially get rid of ISO? Why publishing to ISO which the worst way to distribute standards. It's behind a paywall, locked for contribution and you cannot redistribute the standards without paying the predatory charge.
https://self-issued.info/?p=2573
By the way, the OpenID standards and I-Ds are also available freely there:
.io domain¹ likely being phased-out² — seven suggested steps
Good article in The Verge summarizing recent .io related events, see that for more context if this is news to you:
* https://www.theverge.com/2024/10/8/24265441/uk-treaty-end-io-domain-chagos-islands
It looks likely .io (and .io domains) will go away in the next few years (as .cs and .yu did³), so here are my suggested steps to take depending on your usage of .io domains:
1. Avoid buying new .io domains (or making plans with existing ones; sell if you can)
2. If you currently run a .io service⁴ (for a company or community), make and publicize a transition plan (like a new domain, redirection, orderly shutdown plan for redirects)
3. If you have a personal site on a .io domain⁵ or subdomain, make your own transition plan, and perhaps post about how others should link to your posts
4. If you are using someone else’s .io domain to publish (like #GitHubPages⁶), make a transition plan to publish elsewhere and leave a forwarding note and link behind
5. If you use a .io domain as your Web sign-in login on any sites, switch them to another non-io personal domain
6. Similarly if your site accepts #WebSignIn logins (via #IndieAuth, #RelMeAuth, or even #OpenID), consider discouraging any new sign-ups from .io domains, and warning any existing users with .io domains to switch per # 5
7. If you have posts (or a whole #indieweb site) with links to .io sites or pages (like those in 2-4 above), make a plan for editing those links to point to an alternative or an archival copy (like on the Internet Archive)
And of course, post about your #dotIO plans.
Glossary
Domain
https://indieweb.org/domain
IndieAuth
https://indieweb.org/IndieAuth
Internet Archive
https://web.archive.org/
OpenID
https://indieweb.org/OpenID
Redirect
https://indieweb.org/redirect
RelMeAuth
https://indieweb.org/RelMeAuth
Web sign-in
https://indieweb.org/Web_sign-in
References:
¹ https://indieweb.org/.io
² https://en.wikipedia.org/wiki/.io#Phasing_Out
³ https://en.wikipedia.org/wiki/.cs
⁴ E.g. https://indieweb.org/webmention.io or https://indieweb.org/granary.io
⁵ E.g. https://indieweb.org/werd.io
⁶ https://indieweb.org/github.io
This is post 25 of #100PostsOfIndieWeb. #100Posts
← https://tantek.com/2024/283/t1/metaphors-constructive-cooperative-joyful
→ https://tantek.com/2024/287/t1/fediverse-unfollow-bridgyfed-bug
So this is where I'm at now. A not so insignificant OpenID Connect SSO plugin for WordPress that I pretty much maintain on my own will now no longer get updates.
https://wordpress.org/plugins/daggerhart-openid-connect-generic/
https://github.com/oidc-wp/openid-connect-generic/issues/568
@wuffel@social.tchncs.de
Umm, sorry. I've done #mediawiki before but without #OpenID or #Oauth . Firefox did the password stuff for me.
*grfzl*
Is there someone around to give a hint, how to start to integrate a #mediawiki via #OpenID or #Oauth to an #iserv
for the purpose of not having to type passwords separately?
Which modules do you recommend?
@ Miss Em from supporter)
