Replies: 3 comments 16 replies
-
SSO is basically the opposite of decentralized of course, but yes with Rauthy you do own your data, you have control over it, and so on. When you have a setup that can dynamically resolve to different SSO providers just for ease of use, fault-tolerance or just for the reason of having different servers like matrix does, then this could make sense again. In the early days, I did all my authn/authz custom as well. The problem is, that it only works with your own apps and everything else just becomes a mess, where you need proxies, adapters, or something like that. I liked Keycloak and what it could do, but I hated that updates often broke stuff for me and that it just consumed too much resources for my liking. Rauthy is not an OAuth provider, but OIDC, which is actually a superset of OAuth. |
Beta Was this translation helpful? Give feedback.
-
Bring your own IDP: https://wrily.foad.me.uk/sign-in-with-big-tech-only-or-sign-in-with-whom-i-prefer Working prototype in chrome canaries: https://github.com/fedidcg/FedCM/issues/240#issuecomment-2004650817 |
Beta Was this translation helpful? Give feedback.
-
Useful references: |
Beta Was this translation helpful? Give feedback.
-
Quick primer on the fediverse and its importance:
Both the primordial fediverse of ActivityPub (Mastodon & friends) as well as the federated Matrix have been mulling over various private-key approaches to the ideal of "nomadic" or "decentralized identity", but I think they’re trying to solve too many deep-rooted problems in one go, keeping them in a holding pattern for many years:
With the convergence of OAuth/OIDC in both protocols there's potential for OAuth self-hosting to serve the function of a minimum-viable ‘nomadic identity’.
This Kitsune issue is an exploration into OAuth as a stepping stone towards what could later grow into a full-fledged Nomadic Identity, but starts off as just a personalized OAuth server.
Rauthy has a clear path into the fediverse ecosystem by providing the OAuth backend for Lemmy, which is already running in production on some thousand instances.
Note that there's a lot of fluctuation and mixups in these spec discussions, but there's now consensus among the core devs that OAuth is a desired feature, first and foremost for SSO, but tentatively also as a provider. For a while a custom implementation was being considered, but it was eventually abandoned in favor of standardizing around OAuth.
Beta Was this translation helpful? Give feedback.
All reactions