Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OpenID Connect authentication support #1750

Open
metasoarous opened this issue Dec 21, 2023 · 2 comments
Open

OpenID Connect authentication support #1750

metasoarous opened this issue Dec 21, 2023 · 2 comments
Labels
feature-request For new feature suggestions

Comments

@metasoarous
Copy link
Member

metasoarous commented Dec 21, 2023
edited
Loading

Problem:
Identity management right now requires using the XID system. While extremely flexible, using this system requires setting up a separate web property which then embeds conversations.

Suggested solution:
OpenID Connect is a well supported standard among identity providers and would provide something closer to a solution for authenticating against a wide range of identity providers.

Alternative suggestions:

  • Continue to just depend on the flexible XID system for identity management, and possibly put together some templates to make that process easier.

Additional context:

  • This would only really benefit secondary deployments, since we're unlikely to support anything other than Twitter & Facebook on the main pol.is deployment (and may even remove these mechanisms at some point); Setting up and maintaining deployment is already quite a bit of work, so on the one hand, it's perhaps not a ton extra to create a site for embedding conversations, and adding the OpenID integration there, and many custom deployments will want conversations embedded in their own web properties anyway. On the other hand, many applications may not otherwise need conversations to be embedded, and this ultimately adds friction to an already involved process.
  • This may ultimately be quite a bit of work on some of the more involved pieces of the voluminous server portion of the codebase (all the way through to the database), with important security implications at stake.
  • See Additional login providers #97 for past discussion.

Status:
Given the flexibility of the XID system as it stands, and the complications mentioned above, CompDem is unlikely to fund this work ourselves. However, if there is interest in working on this, we'd consider reviewing and merging.
@metasoarous metasoarous added the feature-request For new feature suggestions label Dec 21, 2023
@metasoarous metasoarous mentioned this issue Dec 21, 2023
Closed
6 tasks
@rambip
Copy link

rambip commented Mar 28, 2024

I want to deploy polis to my university. We have a SSO setup, so I would be very interested to have that feature.

I can work on it, I'm quite new to implementing authentication but I can learn how to do it.

I opened this discussion: #1779 to discuss how the login works right now.
The server.ts is a huge file, and maybe it would be nice to broke it up into smaller files. Right now it's hard to work on it.

@jandrieu
Copy link

@metasoarous We definitely would like to see this feature, potentially even to fund something. We're trying to integrate polis with a new membership site and we need some option other than Twitter for login, as the membership site itself needs to be authoritative for logins.

Unfortunately, all I've seen is the REMOVAL of additional logins, making polis even more closed. =(

Are there any plans to support open standards-based SOO?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature-request For new feature suggestions
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@metasoarous @jandrieu @rambip