mjtrangoni
commented
4 years ago @ernestask would be Okta an option for you?
Open ernestask opened 4 years ago
mjtrangoni
commented
4 years ago @ernestask would be Okta an option for you?
ernestask
commented
4 years ago Well, for the Fedora instance, we want to keep things as is, but this is more to help internal deployments, where it doesn’t make sense to do so. It’s just to allow using something else, not to switch to a specific product.
mjtrangoni
commented
4 years ago @ernestask yes, that is what I meant. Supporting multiple OpenID providers
djuarezg
commented
4 years ago Even something as basic as local users would be an improvement to avoid FAS OpenID.
ThiefMaster
commented
3 years ago OpenID is not widely used anymore nowadays, It would probably make sense to support OpenID-Connect (OIDC), which is basically OAuth2, just more standardized and tailored towards login instead of accessing APIs like OAuth2 itself.
ernestask
commented
3 years ago This is merely an implementation detail. We don’t even have the necessary abstractions to talk about that right now.
We currently don’t allow anything other than Fedora to provide authentication for us: https://github.com/abrt/faf/blob/c7112a08abc7c84ff0680e970b11f5f86a1b3d6f/src/webfaf/login.py#L18
It would be good to at least be able to configure this. Bonus points for alternative methods.