#142 No OpenID login is available | Federated login

Open
opened 5 months ago by diogo · 7 comments
diogo commented 5 months ago

Could you please consider enabling this function in CodeBerg? It would make the adoption of this platform easier.

It bothers many users that they have to enter a full form of personal information in order to just file a bug or make a feature request. Even when it’s to contribute with a Merge Request, many rather just mail me the patches.

OpenID support can easily fix this and support is available in Gitea.

Kind regards,

Could you please consider enabling this function in CodeBerg? It would make the adoption of this platform easier. It bothers many users that they have to enter a full form of personal information in order to just file a bug or make a feature request. Even when it's to contribute with a Merge Request, many rather just mail me the patches. OpenID support can easily fix this and support is available in Gitea. Kind regards,
diogo changed title from No OpenID login is available to No OpenID login is available | Federated login 5 months ago
Ghost commented 5 months ago

It bothers many users that they have to enter a full form of personal information in order to just file a bug or make a feature request. Even when it’s to contribute with a Merge Request, many rather just mail me the patches.

Just use disposable email address and fake name.

> It bothers many users that they have to enter a full form of personal information in order to just file a bug or make a feature request. Even when it's to contribute with a Merge Request, many rather just mail me the patches. Just use disposable email address and fake name.
diogo commented 5 months ago
Poster

Ghost, that’s not what I meant. These contributors aren’t trying to stay anonymous, they just don’t want to have to create one more account in yet another git host. This really is a request to add OpenID functionality in this website...

Ghost, that's not what I meant. These contributors aren't trying to stay anonymous, they just don't want to have to create one more account in yet another git host. This really is a request to add OpenID functionality in this website...
hw commented 5 months ago
Owner

they just don’t want to have to create one more account in yet another git host

that’s exactly the point of alternative git hosting, that users like it and come there ;)

If there is nothing wrong with “the other (previous) git host”, there would be no need for this platform.

Also please bear in mind that users would still have to confirm their email and set up authentification credential/u2f, as OpenID is by design susceptible to phishing, tracking, hijacking and privacy attacks unless a direct login is established after the initial handshake (short outline in the wikipedia article).

> they just don't want to have to create one more account in yet another git host that's exactly the point of alternative git hosting, that users like it and come there ;) If there is nothing wrong with "the other (previous) git host", there would be no need for this platform. Also please bear in mind that users would still have to confirm their email and set up authentification credential/u2f, as OpenID is by design susceptible to phishing, tracking, hijacking and privacy attacks unless a direct login is established after the initial handshake (short outline in the wikipedia article).
diogo commented 5 months ago
Poster

If there is nothing wrong with “the other (previous) git host”, there would be no need for this platform.

But, @hw, users might enjoy gitlab and want to contribute on a project hosted in codeberg - it doesn’t mean they think there’s something wrong with GitLab. In the described scenario, they just would like to reduce the number of accounts they have to maintain around in order to contribute to the various different projects they support.

Also please bear in mind that users would still have to confirm their email and set up authentification credential/u2f, as OpenID is by design susceptible to phishing, tracking, hijacking and privacy attacks unless a direct login is established after the initial handshake (short outline in the wikipedia article).

The protocol had it struggles, as many did. It’s fairly safe these days as long as it is properly implemented and, as you’ve noted, “a direct login is established after the initial handshake”.

Anyway, if you feel something like OpenID goes against CodeBerg’s ideals, I’m okay about it.

To give some context, I’m hosting GNU social at https://notabug.org/diogo/gnu-social after we had some issues with the canonical repository. Unfortunately, NotABug doesn’t promote much technical support and lately has revealed a couple of instabilities, limitations and - ironically - bugs.

I was, therefore, studying the possibility of moving the current repository to another git host that aligns well with GNU social’s community ideals.

> If there is nothing wrong with “the other (previous) git host”, there would be no need for this platform. But, @hw, users might enjoy gitlab and want to contribute on a project hosted in codeberg - it doesn't mean they think there's something wrong with GitLab. In the described scenario, they just would like to reduce the number of accounts they have to maintain around in order to contribute to the various different projects they support. > Also please bear in mind that users would still have to confirm their email and set up authentification credential/u2f, as OpenID is by design susceptible to phishing, tracking, hijacking and privacy attacks unless a direct login is established after the initial handshake (short outline in the wikipedia article). The protocol had it struggles, as many did. It's fairly safe these days as long as it is properly implemented and, as you've noted, "a direct login is established after the initial handshake". Anyway, if you feel something like OpenID goes against CodeBerg's ideals, I'm okay about it. To give some context, I'm hosting GNU social at https://notabug.org/diogo/gnu-social after we had some issues with the canonical repository. Unfortunately, NotABug doesn't promote much technical support and lately has revealed a couple of instabilities, limitations and - ironically - bugs. I was, therefore, studying the possibility of moving the current repository to another git host that aligns well with GNU social's community ideals.
hw commented 5 months ago
Owner

I’m hosting GNU social

sounds like a perfect fit to Codeberg.org’s aims! Welcome!

btw, maybe you want to have a chat with @ashimokawa : as it turned out, initial worries that users might hesitate to follow with issues, PRs and contributions turned out to be unjustified ;)

> I'm hosting GNU social sounds like a perfect fit to Codeberg.org's aims! Welcome! btw, maybe you want to have a chat with @ashimokawa : as it turned out, initial worries that users might hesitate to follow with issues, PRs and contributions turned out to be unjustified ;)

Merely tangential, but this ability - among others - is what ForgeFed is aiming to provide. Instead of a list of OAuth providers to support (github, gitlab, indieauth, etc.) it is then possible to access code forges with your fediverse account, or - if they support ForgeFed - with your existing forge account.

See: https://forgefed.peers.community/
Forum: https://talk.feneas.org/c/forgefed
Forges considered: https://notabug.org/peers/forgefed/issues/59
Gitea issue: https://github.com/go-gitea/gitea/issues/9045

Merely tangential, but this ability - among others - is what ForgeFed is aiming to provide. Instead of a list of OAuth providers to support (github, gitlab, indieauth, etc.) it is then possible to access code forges with your fediverse account, or - if they support ForgeFed - with your existing forge account. See: https://forgefed.peers.community/ Forum: https://talk.feneas.org/c/forgefed Forges considered: https://notabug.org/peers/forgefed/issues/59 Gitea issue: https://github.com/go-gitea/gitea/issues/9045
boud commented 1 month ago

@circlebuilder Excellent! I was going to propose the Forgefed idea and I’m glad to not be able to claim any credit for the idea (well, I guess I independently rediscovered it...)

I’m wondering if this should count I think that ForgeFed should remain as a separate issue - which exists as issue #49, since it goes a lot beyond just logging in, it’s about general social networking across independent git repository hosts.

It’s not really an issue with Codeberg, though, it’s rather something to bring to the attention of Codeberg users and developers/maintainers, some of whom might wish to contribute to Forgefed. To me this would seem to be a major step in helping people move off github/bitbucket/gitlab. Federations are generally better than centralised monopolies. Maybe it’s just enough to add more discussion on this issue - 142 - for the moment.

@circlebuilder Excellent! I was going to propose the Forgefed idea and I'm glad to _not_ be able to claim any credit for the idea (well, I guess I independently rediscovered it...) ~~I'm wondering if this should count~~ I think that ForgeFed should remain as a separate issue - which exists as issue #49, since it goes a lot beyond just logging in, it's about general social networking across independent git repository hosts. It's not really an issue with Codeberg, though, it's rather something to bring to the attention of Codeberg users and developers/maintainers, some of whom might wish to contribute to Forgefed. To me this would seem to be a major step in helping people move off github/bitbucket/gitlab. Federations are generally better than centralised monopolies. ~~Maybe it's just enough to add more discussion on this issue - 142 - for the moment.~~
Sign in to join this conversation.
No Milestone
No Assignees
5 Participants
Notifications
Due Date

No due date set.

Dependencies

This issue currently doesn't have any dependencies.

Loading…
There is no content yet.