I love the convenience of not having to create a password everywhere I need to be authenticated. It would be interesting to be able to use lemmy instead of feeding more information to these big corporations.

  • enkers
    link
    fedilink
    English
    331 year ago

    The short answer is: No.

    Each site would need to implement this feature themselves. Think of all the potential platforms out there: lemmy, reddit, pinterest, instagram, linkedin, tiktok, snapchat, tumblr, whatsapp, friendster, quora… this list is long. Like REAL long, and Lemmy is nowhere near the top in popularity. Probably not even in the top 50 yet. Why would site developers implement Lemmy sign on over any of these others?

    We did have a concerted effort at some point to adopt openid which was specifically designed to unify all these signons in an open manner, but instead we ran into the Standards Problem: xkcd 927.

    • @lukas@lemmy.haigner.me
      link
      fedilink
      English
      6
      edit-2
      1 year ago

      Yes, I too love standards:

      • OAuth
      • OIDC
      • SAML
      • WS-Federation
      • Kerberos
      • Microsoft Entra Connect Sync V2 for AADConnect
      • CAS

      Then there’s also SCIM to manage accounts, but that’s sort of unrelated. I stared into the abyss and the abyss stares back.

  • Dark Arc
    link
    fedilink
    English
    201 year ago

    To add to what others are saying… you really don’t want or need this anyways. Once passkeys are used broadly or well supported by password managers, logins will be pretty low friction.

    • Scrubbles
      link
      fedilink
      English
      31 year ago

      I’ve seen passkey added to 1password, do you have an eli5ish way of describing that? Is it like ssh keys?

      • Dark Arc
        link
        fedilink
        English
        71 year ago

        If you’re familiar with SSH keys, it’s basically the same thing but written for everything to use rather than just written for SSH.

        Passkeys can also be managed by TPMs/device hardware to provide private keys that (assuming things are properly designed) can’t be stolen and are bound to the device itself. This isn’t a requirement however, which is why things like 1password, Chrome, etc can sync passkeys.

        They’re basically syncing the one-or-more private keys that back your logins.

        • Scrubbles
          link
          fedilink
          English
          11 year ago

          Very neat! I’ll have to try them out on a couple sites

  • poVoq
    link
    fedilink
    English
    20
    edit-2
    1 year ago

    No, because Lemmy doesn’t support Oauth2 yet. And even if it would support it, at most it could be a “login with lemmy.ml” or similar instance specific button as the protocol requires a specific endpoint.

    Edit: see other comment in this thread. With the OIDC discovery extension to OAuth2 it might be possible, but I haven’t seen that feature being used this way in the wild yet.

      • poVoq
        link
        fedilink
        English
        10
        edit-2
        1 year ago

        Yes, but that is not how Oauth2/OIDC works (the old OpenID did, but it has been largely abandoned).

        One of the reason this approach was abandoned is that these external login automations are very easily abused for spam if you allow arbitrary instances as the auth endpoint.

        • @neutron@thelemmy.club
          link
          fedilink
          English
          31 year ago

          So this is why we’ve been seeing rows of “Login with $SpecificProvider” instead of a universal format using username@provider as we all hoped?

          • poVoq
            link
            fedilink
            English
            5
            edit-2
            1 year ago

            The old OpenID didn’t see much uptake (because of the spam issue) and the alternative Oauth2 that was AFAIK mostly pushed by Google is clearly designed for the purpose of large centralized providers. So I don’t think there is a direct causality, but yes it is related.

            Never the less Oauth2/OIDC works quite well and is clearly better that most of the alternatives still commonly in use.

  • @ian
    link
    English
    131 year ago

    There’s no way I’m letting a lemmy instance hold the keys to any of my other accounts.

  • OverfedRaccoon 🦝
    link
    fedilink
    English
    121 year ago

    I feel like logging in with Facebook and Google on sites is just as much about them gaining access to scrape more info about you as it is for your “convenience.” While there could be value with Lemmy, it’s not nearly what it is with Facebook and Google. So I would say not likely.

  • grant 🍞
    link
    fedilink
    English
    6
    edit-2
    1 year ago

    I ran into this issue when writing the Canvas authentication thing

    There is a standard to simplify authentication and identification across the entire web but it isn’t fully implemented everywhere

    OAuth2 is the big name in this, it supplies authorized requests to access data from other companies and services

    OpenID is related to OAuth2 but it only supplies identification in a standardized way. OpenID has mechanisms to announce that a specific domain has support for this and how to automatically register for it (removing the need to have a bunch of login buttons)

    For Canvas 2024 I’m implementing drop in implementations for popular Fediverse software (including Lemmy)

    Hopefully more fedi software implements OAuth2 or at least OpenID to vastly simplify authentication (and possibly replace “login with google”)

    Related Links:

  • @TrickDacy@lemmy.world
    link
    fedilink
    English
    41 year ago

    Personally the single sign on idea, no matter the provider, seems like a shit idea to me. If for any reason a problem occurs you’re locked out of many things instead of one. I mean, password managers solved this problem a long time ago anyway

  • Sam
    link
    fedilink
    English
    31 year ago

    Pixelfed does this with mastodon.