Open ernestask opened 4 years ago
@ernestask would be Okta an option for you?
Well, for the Fedora instance, we want to keep things as is, but this is more to help internal deployments, where it doesn’t make sense to do so. It’s just to allow using something else, not to switch to a specific product.
@ernestask yes, that is what I meant. Supporting multiple OpenID providers
Even something as basic as local users would be an improvement to avoid FAS OpenID.
OpenID is not widely used anymore nowadays, It would probably make sense to support OpenID-Connect (OIDC), which is basically OAuth2, just more standardized and tailored towards login instead of accessing APIs like OAuth2 itself.
This is merely an implementation detail. We don’t even have the necessary abstractions to talk about that right now.
We currently don’t allow anything other than Fedora to provide authentication for us: https://github.com/abrt/faf/blob/c7112a08abc7c84ff0680e970b11f5f86a1b3d6f/src/webfaf/login.py#L18
It would be good to at least be able to configure this. Bonus points for alternative methods.