muni-town / weird

Weird web pages
https://weird.one

Compatible Relying Parties #28

Open erlend-sh opened 5 months ago

erlend-sh commented 5 months ago

Relying Parties is OIDC-speak for web apps.

Requirements.

We are testing for compatibility with the following RP apps:

IndieWeb

Fediverse


Alt-web

zicklag commented 5 months ago

Just tested Gotosocial. Needs PKCE support like OpenGist: https://github.com/superseriousbusiness/gotosocial/issues/2225.

ThisIsMissEm commented 3 months ago

Do keep in mind that Mastodon does not implement OIDC for API access, but does for SSO; that is, Mastodon is always an OAuth 2 provider / authorization server, however it can be configured to do SSO via OIDC.

That is to say, https://github.com/mastodon/mastodon/pull/30329 is probably entirely unrelated to what you're doing here, which seems to be SSO.

ThisIsMissEm commented 3 months ago

So what you'd want for Mastodon SSO to support PKCE is the PKCE configuration options passed to config.omniauth :openid_connect, oidc_options in https://github.com/mastodon/mastodon/blob/e56fb9e4890435ef89b56ef5d1b9a8d0d46ab938/config/initializers/3_omniauth.rb — currently it does not include those options: https://github.com/omniauth/omniauth_openid_connect?tab=readme-ov-file#options-overview