
cross-posted from: https://lemmy.giftedmc.com/post/78147

cross-posted from: https://lemmy.giftedmc.com/post/78146

Hi folks! Today I have asked myself if I could login with one (no, not Google or Apple or Microsoft) account in all the (30 I think) forums that I have to use as a FOSS admin. Nextcloud Forum, Ubuntu Forum, Mint forum, Makemkv Forum, Papermc Forum, linux.org, etc.

We obviously are on a forum-like social platform but we can't make people use this as their forum I suppose. Ideally, I'd like to federate "all forums" so to speak but that would probably take a shit ton of work. https://socialhub.activitypub.rocks/t/does-this-forum-use-activitypub/2545/2

If not federate the content, maybe federate the logins. So that the profiles federate from one place to the next and you can login anywhere without having 30 different passwords for one "service" (forum in this case).

The next step down would be a FOSS SSO solution. There seem to be some but I hardly see any pages mention them as a possibility at all. https://sennovate.com/best-open-source-single-sign-on-solutions/

Am I missing something or is this still in the distant future?

Thanks for reading. Have a good one.

[-] leraje@lemmy.blahaj.zone 10 points 9 months ago

ActivityPods are being developed. From their website:

What is the main shortcoming of ActivityPub?

ActivityPub wants to make it possible to create decentralized apps. But to post videos, you need an account on a PeerTube instance. And to post images, you need an account on a PixelFed instance. You must thus handle multiple accounts, with their profile, list of followers, etc.

How does ActivityPods solve this shortcoming?

With ActivityPods, you have only one profile, one outbox, one inbox and one list of followers - all in a single place. Applications connect to your Pod to post activities, read the inbox and fetch data. And of course they can connect to any existing fediverse application!

[-] haui_lemmy@lemmy.giftedmc.com 1 points 9 months ago

That is equally awesome and insane! Thank you very much for lmk! I'm so curious now!

[-] iopq@lemmy.world 7 points 9 months ago

It's called private/public key pair. If you give the public key to a website, they can let you in as long as you have the private key to encrypt a message that matches the public key.

As such, your public key is safe to share and you can always verify yourself as the owner of the private key if you have it.

SSH log in works like this.

[-] haui_lemmy@lemmy.giftedmc.com 2 points 9 months ago

I mean, I use this for GitHub and my servers but I never had the idea to use this for login purposes! That's pretty awesome. Any idea if that is possible to use somewhere?

[-] lemmyvore@feddit.nl 2 points 9 months ago

Yes, it's called passkeys aka WebAuthn and it's in the process of being widely implemented everywhere.
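
Added example, not part of the thread: a minimal sketch of the key-pair login discussed in the two comments above, in the form such logins normally take, where the private key signs a random challenge chosen by the server. Mixing the site name into the signed message is a simplified stand-in for the origin binding WebAuthn performs; the user name, the site names and the in-memory maps are assumptions made for the example.

```javascript
const crypto = require('crypto');

// Server-side state, constructed for this example.
const registeredKeys = new Map();    // username -> public key
const pendingChallenges = new Map(); // username -> { nonce, expires }

// Step 1 (server): issue a fresh random challenge, valid for 60 seconds.
function issueChallenge(username, now = Date.now()) {
  const nonce = crypto.randomBytes(32);
  pendingChallenges.set(username, { nonce, expires: now + 60000 });
  return nonce;
}

// The signed message binds the challenge to one site name.
function message(site, nonce) {
  return Buffer.concat([Buffer.from(site + '\n', 'utf8'), nonce]);
}

// Step 2 (client): sign the challenge; the private key never leaves the client.
function signChallenge(privateKey, site, nonce) {
  return crypto.sign(null, message(site, nonce), privateKey);
}

// Step 3 (server): verify with the stored public key; each challenge is single-use.
function verifyLogin(username, site, signature, now = Date.now()) {
  const pending = pendingChallenges.get(username);
  pendingChallenges.delete(username);
  const publicKey = registeredKeys.get(username);
  if (!pending || !publicKey || now > pending.expires) return false;
  return crypto.verify(null, message(site, pending.nonce), publicKey, signature);
}

function demo() {
  const site = 'forum.example'; // hypothetical site name
  const alice = crypto.generateKeyPairSync('ed25519');
  const other = crypto.generateKeyPairSync('ed25519');
  registeredKeys.set('alice', alice.publicKey); // only the public key is stored
  const sig = signChallenge(alice.privateKey, site, issueChallenge('alice'));
  const ok = verifyLogin('alice', site, sig);
  issueChallenge('alice');
  const replayed = verifyLogin('alice', site, sig); // old signature, new challenge
  const wrongKey = verifyLogin('alice', site,
    signChallenge(other.privateKey, site, issueChallenge('alice')));
  const wrongSite = verifyLogin('alice', site,
    signChallenge(alice.privateKey, 'other.example', issueChallenge('alice')));
  return { ok, replayed, wrongKey, wrongSite };
}
console.log(demo());
```

The server only ever holds public keys, so a leak of its user table exposes nothing that can be replayed against this or any other site.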

[-] haui_lemmy@lemmy.giftedmc.com 1 points 9 months ago

That's very cool. Thanks for letting me know.

[-] sweng@programming.dev 4 points 9 months ago* (last edited 9 months ago)

Isn't OIDC basically what you want? You just need to convince the forums to use it.

[-] haui_lemmy@lemmy.giftedmc.com 1 points 9 months ago

Probably I suppose. Thanks for mentioning it.

[-] atomkarinca@lemmygrad.ml 3 points 9 months ago

i don't know if all of that forum software supports this, but this is what we have OpenLDAP for. you can have username as a login criterion and not full username@site.tld. that way when you create a user in one place, you would have that same user everywhere.

[-] haui_lemmy@lemmy.giftedmc.com 0 points 9 months ago

I only know ldap from corporate infrastructure when you have 1000 users and 1000 computers which get switched. Can you elaborate why this would work with forums and social media (if they had support)?

[-] atomkarinca@lemmygrad.ml 2 points 9 months ago* (last edited 9 months ago)

ldap is a central authority server. when you have ldap supported software, you can alleviate authorization to a central server. and if you make it so that you only need username for credentials (uid=%s,dc=example,dc=com in ldap jargon), you centralize your user database.

that's what i use on my home server. it takes most of the user registration hassle away.

edit: by the way dc=example,dc=com is just an arbitrary value, you don't have to have certbot certification for that or anything.
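
Added example, not part of the thread: how an application might fill the `uid=%s,dc=example,dc=com` template from the comment above before doing a simple bind. The function names are hypothetical; the escaping follows RFC 4514, and the empty-password check reflects the "unauthenticated bind" case in RFC 4513, which some servers accept without verifying anything.

```javascript
// Bind DN template from the comment above; dc=example,dc=com is a placeholder.
const DN_TEMPLATE = 'uid=%s,dc=example,dc=com';

// Escape a value for use inside a DN (RFC 4514, section 2.4).
function escapeDnValue(value) {
  const chars = Array.from(value);
  return chars.map((ch, i) => {
    const first = i === 0;
    const last = i === chars.length - 1;
    if (ch === '\0') return '\\00';                 // NUL as a hex pair
    if ('"+,;<>\\'.includes(ch)) return '\\' + ch;  // special anywhere in the value
    if (first && (ch === ' ' || ch === '#')) return '\\' + ch;
    if (last && ch === ' ') return '\\' + ch;
    return ch;
  }).join('');
}

// Fill the template. The replacer function keeps "$&"-style patterns in the
// user name literal instead of letting String.replace interpret them.
function buildBindDn(username, template = DN_TEMPLATE) {
  const escaped = escapeDnValue(username);
  return template.replace('%s', () => escaped);
}

// Checks to run before handing credentials to an LDAP client library.
function prepareBind(username, password) {
  if (typeof username !== 'string' || username.length === 0) {
    return { ok: false, reason: 'empty username' };
  }
  // A DN with an empty password is an unauthenticated bind (RFC 4513, 5.1.2),
  // so it must never be treated as a successful login.
  if (typeof password !== 'string' || password.length === 0) {
    return { ok: false, reason: 'empty password' };
  }
  return { ok: true, dn: buildBindDn(username) };
}

// Constructed sample inputs.
console.log(buildBindDn('alice'));
console.log(buildBindDn('x,ou=admins'));
console.log(prepareBind('alice', ''));
```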

[-] haui_lemmy@lemmy.giftedmc.com 1 points 9 months ago

Interesting! Thanks for elaborating.

[-] maniel@beehaw.org 3 points 9 months ago

There is OpenID, it was all the rage about a decade ago

[-] haui_lemmy@lemmy.giftedmc.com 1 points 9 months ago

Yeah, I've heard about that.

[-] helenslunch@feddit.nl 2 points 9 months ago* (last edited 9 months ago)

If you do that you're just connecting your activity across the web. That's why all the data-mining companies have those login systems.

[-] haui_lemmy@lemmy.giftedmc.com 1 points 9 months ago

Hmmm… makes sense. But you could have an alias on every site so only you know that it's you? (I have the same nickname everywhere so people can find me, I suppose it's not a problem for everyone).

[-] Penguincoder@beehaw.org 2 points 9 months ago

There is an identity protocol for achieving that, called zot. However it requires the forums/sites you're visiting to have Zot implemented. That is likely not the case, as Zot is way less prevalent than even ActivityPub.

[-] haui_lemmy@lemmy.giftedmc.com 1 points 9 months ago

Thanks for mentioning it.

[-] linarphy@pleroma.linarphy.net 1 points 9 months ago

@haui_lemmy
That looks like federated SSO to me.
@opensource

this post was submitted on 02 Dec 2023

Open Source
