See what CIMD solves for. “Innately centralized” was probably a poor choice of words, but OIDC not a good fit for an open social web with decentralized identities and a plethora of small identity providers that cannot be known upfront.

[–] moonpiedumplings@programming.dev 1 points 1 day ago (1 children)

Forgejo has a feature (that people usually disable) where you can bring your own openid connect url and use it to auth. So if I have my own OIDC provider I am self hosting, I can just use that to log in.

Most people only use it for google and microsoft and whatnot but it's very possible. I don't realkly see what FedCM offers that OIDC doesn't or can't, or why we shouldn't be adding features to the existing and popular OIDC instead.

[–] erlend_sh@lemmy.world 1 points 7 hours ago (1 children)

This requires manually enabling every additional provider. This doesn’t work if some individuals or smaller collectives wanna run their own identity providers, numbering in the thousands.

[–] moonpiedumplings@programming.dev 1 points 7 hours ago* (last edited 6 hours ago)

This requires manually enabling every additional provider.

No, it doesn't. The docs are confusing on this, but forgejo has two methods to enable oauth/oidc. One is to manually enable them, but there is a second, where people bring their own oauth link.

The docs contain 3 things related to oauth:

Oauth provider forgejo acts as oauth for someone else
Ouath client — This is the one where you manually enable providers
But then there is a third config. Openid. This one lets users bring their own openid/oauth link and sign in with that. No manual configuration required on the side of the forgejo server per oauth provider being used.