
Compatible Relying Parties

Open erlend-sh opened this issue 1 year ago • 3 comments

Relying Parties is OIDC-speak for web apps.

Requirements.

  • OIDC
    • PKCE – Proof Key for Code Exchange by OAuth Public Clients

We are testing for compatibility with the following RP apps:

IndieWeb

  • [x] Forgejo
  • [x] Linkding
  • [x] Miniflux
  • [ ] OpenGist, pending https://github.com/thomiceli/opengist/issues/227
  • [x] Linkblocks, pending https://github.com/raffomania/linkblocks/pull/51
  • [ ] https://github.com/neodb-social/neodb
  • [ ] Shiori, pending OIDC support
  • [ ] Mattermost
  • [ ] Zulip
  • [ ] Matrix (Conduit), pending OIDC support
  • [ ] Memos

Fediverse

  • [x] Mastodon, https://github.com/mastodon/mastodon/pull/31131
  • [x] ATproto, https://github.com/bluesky-social/atproto/pull/2482
  • [ ] Kitsune
  • [ ] https://github.com/activitypods/activitypods/issues/121
  • [ ] Fedify (??)
  • [ ] GoToSocial, pending https://github.com/superseriousbusiness/gotosocial/issues/2225
  • [ ] Lemmy, https://github.com/LemmyNet/lemmy/pull/4881
  • [ ] https://newsmast.org/


Alt-web

  • https://kinopio.club/
  • Supabase
  • Glitch
  • Val.town
  • DEV.to
  • GitLab
  • Ghost
  • https://www.are.na/
  • https://neocities.org/
  • Obsidian
  • Wikipedia
  • Proton
  • Memos
  • Tailscale
  • Polar - https://github.com/polarsource/polar/issues/3728
  • https://www.indiethinkers.com/
  • https://getindie.wiki/
  • Kagi

erlend-sh avatar May 24 '24 21:05 erlend-sh

Just tested GoToSocial. Needs PKCE support like OpenGist: https://github.com/superseriousbusiness/gotosocial/issues/2225.

zicklag avatar May 25 '24 17:05 zicklag

Do keep in mind that Mastodon does not implement OIDC for API access, but does for SSO; that is, Mastodon is always an OAuth 2 provider / authorization server, however it can be configured to do SSO via OIDC.

That is to say, https://github.com/mastodon/mastodon/pull/30329 is probably entirely unrelated to what you're doing here, which seems to be SSO.

ThisIsMissEm avatar Jul 16 '24 17:07 ThisIsMissEm

So what you'd want for Mastodon SSO to support PKCE is the PKCE configuration options passed to config.omniauth :openid_connect, oidc_options in https://github.com/mastodon/mastodon/blob/e56fb9e4890435ef89b56ef5d1b9a8d0d46ab938/config/initializers/3_omniauth.rb — currently it does not include those options: https://github.com/omniauth/omniauth_openid_connect?tab=readme-ov-file#options-overview

ThisIsMissEm avatar Jul 16 '24 17:07 ThisIsMissEm
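
For reference, the PKCE (RFC 7636) exchange that the requirement and the comments above refer to, as an added Ruby sketch; it is not code from this project, Mastodon, or omniauth_openid_connect. The function names and the `idp.example` URL are hypothetical, and the sketch assumes a provider that accepts only the `S256` challenge method.

```ruby
require "digest"
require "securerandom"
require "uri"

# RFC 7636 code_verifier: 43-128 characters from the unreserved set.
VERIFIER_RE = /\A[A-Za-z0-9\-._~]{43,128}\z/

# RP side: fresh high-entropy verifier (32 random bytes -> 43 URL-safe chars).
def new_verifier
  SecureRandom.urlsafe_base64(32)
end

# S256 transform: BASE64URL(SHA256(verifier)) with padding removed.
def pkce_challenge(verifier)
  [Digest::SHA256.digest(verifier)].pack("m0").tr("+/", "-_").delete("=")
end

# Provider side, step 1: does the RP's authorization request carry PKCE?
# Returns [:ok, challenge] or [:fail, reason].
def check_authorization_request(url)
  params = URI.decode_www_form(URI(url).query.to_s).to_h
  challenge = params["code_challenge"]
  return [:fail, "no code_challenge: RP does not send PKCE"] if challenge.nil? || challenge.empty?
  # Assumption: this provider rejects the weaker "plain" method.
  return [:fail, "code_challenge_method must be S256"] unless params["code_challenge_method"] == "S256"
  [:ok, challenge]
end

# Comparison whose running time does not depend on where the strings differ.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Provider side, step 2: at the token endpoint, the code_verifier must hash
# to the challenge stored with the authorization code.
def verify_token_request(stored_challenge, code_verifier)
  return false unless code_verifier.is_a?(String) && VERIFIER_RE.match?(code_verifier)
  secure_equal?(pkce_challenge(code_verifier), stored_challenge)
end

if __FILE__ == $PROGRAM_NAME
  verifier = new_verifier # constructed sample values, not captured traffic
  url = "https://idp.example/authorize?response_type=code&client_id=demo" \
        "&code_challenge=#{pkce_challenge(verifier)}&code_challenge_method=S256"
  status, stored = check_authorization_request(url)
  puts "authorization request: #{status}"
  puts "token request accepted: #{verify_token_request(stored, verifier)}"
end
```

An RP that lacks PKCE support shows up at step 1 as an authorization request with no `code_challenge` parameter.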