I’m working on an extension to FedCM that would allow anyone to bring their own IdP to create accounts on other websites, and I’m wondering - given the recent engagement in [1] - if IndieBits would be interested in co-designing this API with us by using the FedCM API with the “any” option.
Any chance this would be interesting to this community?
[1] Maybe the token format should be specified? · Issue #561 · fedidcg/FedCM · GitHub
Hi @samuelgoto! Sorry for the late response. Had a long weekend and was traveling.
First of all, I really appreciate the work you’re doing with FedCM and would love to help get it off the ground.
I’m definitely interested in building a prototype. However, I’m not sure IndieBits would be the best place to do it. The first problem is this is currently a rather small community. It mostly consists of people coming here for support for boringproxy and TakingNames.io. There aren’t a lot of conversations happening outside of that. I hope that changes over time, but it’s the current reality.
The second problem is that IndieBits currently runs on Discourse, which I would prefer to move away from in the future. Discourse is awesome, but it’s complex, slow, and written in Ruby. What I’d really love to have is a simple forum built on ActivityPub. I’ve started working on a prototype but it’s just a small side project at the moment with relatively low priority.
In any case, I don’t know Ruby and would prefer not to learn it just to implement a feature/plugin for Discourse.
I would be much more likely to implement this for LastLogin.io (which runs on obligator), but I’m not sure that would be much help either. It’s already confusing enough that LastLogin stands between you and Google/GiHub/etc. If it stood between you and something completely new like FedCM it might be very confusing for users.
That and LastLogin doesn’t have many users either, so again not sure it’s bringing much value to your mission.
My suggestion would be to find a popular open source project with users that are likely to appreciate FedCM, and the project would be open to having this implemented. If you can find such a project written in Go or Rust I would be open to working on a prototype. Perhaps something that is primarily self-hosted would be useful. You might also consider reaching out to Tailscale. They support BYO OIDC with WebFinger, which is already way more than most. Also a log of ex googlers there.
Meanwhile, if I build FedCM IdP support into LastLogin, that would give those users a login provider to use.
I really do think we need something like FedCM and I’m motivated to help make it happen. I’ll try to think if I can come up with any candidate projects as well. @erlend_sh @zicklag any ideas?
We are working on setting up Weird (backed by Rauthy) as a minimal Identity Provider.
We will test that against a linkblocks instance as a Relying Party. That’ll happen in two stages:
Once we’ve proven this out, we’ll submit the same kind of PR combo as a draft to a Relying Party that’s actually running in production; most likely Omnivore, which we’ve contributed a bit to already. Will probably take a while to get that approved for production use, but I don’t see much getting in the way of a working proof-of-concept.
I’ve chatted a bit with the maintainer of Shiori and he’s also quite receptive to these ideas. That could be another good candidate for a FedCM PR. Miniflux is also a good candidate.
The first problem is this is currently a rather small community.
I’m thinking that this is a feature, not a bug: a small (but tech savy) community may have more the inclination to bring their own identity than a large / ossified one.
I really do think we need something like FedCM and I’m motivated to help make it happen. I’ll try to think if I can come up with any candidate projects as well.
I appreciate the kind words and I’d love to find ways for our communities to work together! LMK if anything occurs to you and I’d love to reconnect to find ways to work together!
Best of luck, Sam