Could a "login with lemmy" replace all the login with Google/Facebook we see everywhere? - eviltoast

I love the convenience of not having to create a password everywhere I need to be authenticated. It would be interesting to be able to use lemmy instead of feeding more information to these big corporations.

  • poVoq@slrpnk.net
    link
    fedilink
    English
    arrow-up
    20
    ·
    edit-2
    1 year ago

    No, because Lemmy doesn’t support Oauth2 yet. And even if it would support it, at most it could be a “login with lemmy.ml” or similar instance specific button as the protocol requires a specific endpoint.

    Edit: see other comment in this thread. With the OIDC discovery extension to OAuth2 it might be possible, but I haven’t seen that feature being used this way in the wild yet.

      • poVoq@slrpnk.net
        link
        fedilink
        English
        arrow-up
        10
        ·
        edit-2
        1 year ago

        Yes, but that is not how Oauth2/OIDC works (the old OpenID did, but it has been largely abandoned).

        One of the reason this approach was abandoned is that these external login automations are very easily abused for spam if you allow arbitrary instances as the auth endpoint.

        • neutron@thelemmy.club
          link
          fedilink
          English
          arrow-up
          3
          ·
          1 year ago

          So this is why we’ve been seeing rows of “Login with $SpecificProvider” instead of a universal format using username@provider as we all hoped?

          • poVoq@slrpnk.net
            link
            fedilink
            English
            arrow-up
            5
            ·
            edit-2
            1 year ago

            The old OpenID didn’t see much uptake (because of the spam issue) and the alternative Oauth2 that was AFAIK mostly pushed by Google is clearly designed for the purpose of large centralized providers. So I don’t think there is a direct causality, but yes it is related.

            Never the less Oauth2/OIDC works quite well and is clearly better that most of the alternatives still commonly in use.

        • fbmac@lemmy.fbmac.netOP
          link
          fedilink
          English
          arrow-up
          1
          arrow-down
          1
          ·
          edit-2
          1 year ago

          you could accept logins only from instances that have enough trust on fediseer, I think this would work better than the old openid