I was trying out lucia, arctic and oslo on a recent project and had a great experience using these libraries!
Wanting to replace the auth system in another project which currently uses Passport (because it supports authentication via Steam) made me realize, that oslo does not support OpenId, let alone old OpenId 2.0 Steam is using to this day.
I'd really appreciate support for OpenId / Steam auth. One reason being that almost all libraries implementing Steam authentication use an old openid package that hasn't been updated in years (except for some dependency updates). Another reason is that those packages, namely passport and passport-steam, are a bit outdated I feel and are not native TypeScript projects.
I'd be willing to try to put together a PR, but I've never really tinkered with auth at its core. Though, I have looked at packages implementing Steam auth and have a slight idea of how it works. However, replacing openid with something custom has me on edge because I haven't really understood how it works or why you'd need it - and I'd rather not code any vulnerabilities into a package.
I was trying out
lucia
,arctic
andoslo
on a recent project and had a great experience using these libraries!Wanting to replace the auth system in another project which currently uses
Passport
(because it supports authentication via Steam) made me realize, thatoslo
does not support OpenId, let alone old OpenId 2.0 Steam is using to this day.I'd really appreciate support for OpenId / Steam auth. One reason being that almost all libraries implementing Steam authentication use an old openid package that hasn't been updated in years (except for some dependency updates). Another reason is that those packages, namely passport and passport-steam, are a bit outdated I feel and are not native TypeScript projects.
I'd be willing to try to put together a PR, but I've never really tinkered with auth at its core. Though, I have looked at packages implementing Steam auth and have a slight idea of how it works. However, replacing openid with something custom has me on edge because I haven't really understood how it works or why you'd need it - and I'd rather not code any vulnerabilities into a package.