mastodon - Link to source

This weekend project (yes, another one instead of finishing the 100 others) is a #fastcgi handler to implement xep-0070, alnowing to use an #xmpp account to log in to a website. Writing it in #rust as a learning exercise.

I hope to replace "login with google" and the other things I had to add to my website ovwr the years in order to not store people's passwords. This should allow to do it in a decentralized way without forcing any specific provider.

#xmpp #rust #fastcgi
This entry was edited (2 weeks ago)
in reply to PulkoMandy

mastodon - Link to source

Nicoco

I think I achieved something similar by writing a very hacky prosody module modules.prosody.im/mod_http_au… — what you did sound more sane. :)

I even wrote a flarum.org/ plugin that actually uses it, I should clean that up and push it somewhere, someday. Ah, unfinished projects…


The extensible community framework

Best community software; modern, fast and free. For small to enterprise communities.
Flarum
in reply to Nicoco

mastodon - Link to source

PulkoMandy

this seems a bit different, as it would only identify users of that specific server? I'm using xep-0070 which allows to send a confirmation to the xmpp user. I just need to identify people, after that the permissions are handled separately (by Trac in my case).
There is already an implementation as an xmpp component, but that either means running my own xmpp server, or someone sets up the component on their server and it becomes a centralized entry point to xmpp.
@Nicoco
in reply to PulkoMandy

mastodon - Link to source

PulkoMandy

That's similar to the original OpenID, and not quite like the current OAuth and OpenID connect, where you get more than identification (possibly access to the user email address, avatar, and more depending on what the OAuth provider wants to share). And OAuth is not really generic and requires each website to add specific support for each auth provider, resulting in centralization (log in with google/facepook/github/gitlab things)