Additional login providers

[patcon]

Right now, we have sign-in via:

• admin interface: Facebook or email
• participation interface: Facebook or Twitter

What other auth providers could or should we consider implementing?

To Do Candidates

• [ ] Add Google auth
  • [ ] For admin login
  • [ ] For participant login (highest priority)
• [ ] Add Twitter auth for admin login
• [ ] Add extensible login system, e.g. Join.tw (very low priority)
• [ ] Add OpenID Connect

_{This issue body was replaced on 2020-06-12.}

[colinmegill]

+1

On Thu, Dec 1, 2016 at 1:36 AM Patrick Connolly notifications@github.com wrote:

Re: https://twitter.com/patconnolly/status/804205365655207936

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/pol-is/issues/issues/3, or mute the thread https://github.com/notifications/unsubscribe-auth/ABsDGWVfhGoIxIFb8CmojfgYU_TMvn5eks5rDpUFgaJpZM4LBLJn .

[crkrenn]

+1 on investigating open-Id can I vote, etc.

Also, Brigade.com open sourced some of their voter Validation tech, and democracy.earth is developing pki crowd sourced citizen validation.

---

Sent from Workspace ONE Boxerhttps://whatisworkspaceone.com/boxer

On May 9, 2020 at 7:19:12 PM PDT, Patrick Connolly notifications@github.com wrote:

Re: https://twitter.com/patconnolly/status/804205365655207936

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHubhttps://github.com/pol-is/polisServer/issues/97, or unsubscribehttps://github.com/notifications/unsubscribe-auth/ABOJ5V3CPHAKPM5OV5BR4LDRQYFITANCNFSM4M5BQDIA.

[patcon]

Seem OpenID is barely alive: https://en.wikipedia.org/wiki/OpenID

I'm going to re-scope this from only OpenID, to discussion of additional auth providers. That sound ok?

[patcon]

• Viz of top login providers on top 100 websites in USA and China (2019)
• World Map of Social Networks (2008-2020)
  • full data on 1st place in each country, and some details on 2nd most popular in some years.

@colinmegill says Google is top priority next: https://gitter.im/pol-is/polisDeployment?at=5ee426f82cf2f36eae57823f

[patcon]

From @joshsmith2 in chat 🙌 🙏 : https://wearesocial.com/blog/2020/01/digital-2020-3-8-billion-people-use-social-media (lots of good stuff, but a little scarce on "social login" details, at least in 2020 version)

[patcon]

Added potential todo to issue body:

• [ ] Add Twitter auth for admin login

[patcon]

From @colinmegill 💬 in gitter chat:

I anticipate we’ll end up with Twitter Facebook Google and ‘vanilla polis login'. And maybe hooks for custom systems that make it easier to implement without forking — ie., Join in Taiwan. I've never seen [a hooks system] and don’t know the right pattern. [...] I think it’s appropriate to at least consider given the integration of @urakagi’s work.

---

Some other thoughts on extensibility/pluggability and forking are in the linked chat convo. Added new todo

• [ ] Add extensible login system, e.g. Join.tw (very low priority)

[patcon]

Chat convo about requesting email for login (@metasoarous @colinmegill @patcon) https://gitter.im/pol-is/polisDeployment?at=5f21becabc41f36817320194

[petersg83]

Hi, I would really enjoy that people have the possibility to authenticate without using a private company such as twitter or facebook. The email is the best way for that I think. In order to guarentee that the contributor can't make several accounts, there are different possibilities I see:

• If the discussion targets people inside a company/institution: Participants can only register with their company/institution email (ex: firstname.lastname@myinstitution.com) (or among a set of email domains)
• If the discussion targets random people: The creator of the discussion is the one handling uniqueness by giving codes to the participants. A code can be used once to create an account on pol.is for this specific discussion. The creator decides how to give thoses codes (regarding an existing database of users for example, or by checking ids etc.).

At the same time of adding more flexibility to the loggin system, it also brings the feature of limiting a discussion to a specific set of contibutors. What do you think?

[patcon]

Related: https://github.com/compdemocracy/polis-examples/issues/2#issuecomment-907884261

tl;dr - not a fully integrated solution, but as a workaround, added example of how to use any arbitrary auth provider for gating polis convo access (via Auth0 SaaS provider) by using a simple HTML website functioning as a wrapper app around a polis embed :)

[burnoutberni]

Because OpenID is mentioned above: The de-facto standard today is OpenID Connect, which is gradually replacing SAML and is supported both by cloud authentication providers (Google, Auth0, Okta,…) and FLOSS alternatives like Shibboleth, Keycloak,…

I haven't looked into the code base yet, but this should be rather easy to implement, but very versatile: https://betterprogramming.pub/the-complete-guide-to-oauth-2-0-and-openid-connect-protocols-35ebc1cbc11a

[MauiJerry]

Related: https://github.com/compdemocracy/polis-examples/issues/2#issuecomment-907884261 As of Dec2023 there is no polis-examples repository listed publically.

[metasoarous]

After internal discussion, the only version of this we'd consider is to support OpenID Connect, and even that may be a stretch. As such, I'm closing this issuing and opening #1750 as a more scoped down version of the issue. Please feel free to continue discussion there. Thanks!

[petersg83]

Thank you for the update ! Could you say if you considered email login with a domain filter? and if yes, why you decided to not support this? Thank you