this post was submitted on 10 Oct 2023
25 points (72.7% liked)

Lemmy

12514 readers
45 users here now

Everything about Lemmy; bugs, gripes, praises, and advocacy.

For discussion about the lemmy.ml instance, go to !meta@lemmy.ml.

founded 4 years ago
MODERATORS
 

I love the convenience of not having to create a password everywhere I need to be authenticated. It would be interesting to be able to use lemmy instead of feeding more information to these big corporations.

you are viewing a single comment's thread
view the rest of the comments
[–] fbmac@lemmy.fbmac.net 3 points 1 year ago (1 children)

when you type poVoq@slrpnk.net I already know what instance you're from

[–] poVoq@slrpnk.net 10 points 1 year ago* (last edited 1 year ago) (2 children)

Yes, but that is not how Oauth2/OIDC works (the old OpenID did, but it has been largely abandoned).

One of the reason this approach was abandoned is that these external login automations are very easily abused for spam if you allow arbitrary instances as the auth endpoint.

[–] neutron@thelemmy.club 3 points 1 year ago (1 children)

So this is why we've been seeing rows of "Login with $SpecificProvider" instead of a universal format using username@provider as we all hoped?

[–] poVoq@slrpnk.net 5 points 1 year ago* (last edited 1 year ago)

The old OpenID didn't see much uptake (because of the spam issue) and the alternative Oauth2 that was AFAIK mostly pushed by Google is clearly designed for the purpose of large centralized providers. So I don't think there is a direct causality, but yes it is related.

Never the less Oauth2/OIDC works quite well and is clearly better that most of the alternatives still commonly in use.

[–] fbmac@lemmy.fbmac.net 0 points 1 year ago* (last edited 1 year ago)

you could accept logins only from instances that have enough trust on fediseer, I think this would work better than the old openid