SSO
I'm evaluating hosting an mbin instance because I love its support for basically the entire fediverse, rather than just threads like lemmy. But the site I'd host it on has a zitadel instance handling all the accounts across all the services I'm hosting, so I need to be able to configure mbin such that it can use zitadel as an identity provider.
Kbin supported social logins like Google, Facebook, and GitHub and this feature should work similarly to that, but with the ability to specify the endpoints for either an OIDC issuer, or an oauth auth and token endpoint.
I mean, it uses the same OAuth flow the other providers do, right? So it really shouldn't be that much work (for one knowing what they're doing :D )
I agree, it shouldn't be too much work. I'm just not at all familiar with php.
While searching for references to Facebook to get a rough idea for the amount of work involved, I noticed mbin also supports keycloak, and also it looks like this line should be referring to the GitHub id, not the Facebook id: https://github.com/MbinOrg/mbin/blob/3e4b44897461f7d6d4d7865af21b045c0ee0c973/src/Security/GithubAuthenticator.php#L64
When I get home I'm going to see if I can put my zitadel instance in the keycloak uri and have it work. I think it should.
This issue is stale because it has been open 50 days with no activity. Remove stale label or comment or this will be closed in 6 days.
@thepaperpilot did you get anywhere with this? We'd like to require a Drupal account for an instance. The Drupal Association is in the process of moving all official services to Cloud IAM's Keycloak implementation. Once that project is complete, we're hoping to extend the option for quasi-official services the community relies on like https://drupal.community/
https://www.drupal.org/drupalorg/blog/single-sign-on-is-coming-to-drupalorg-thanks-to-cloud-iam
I found it too tricky to make a purely generic/configurable OIDC consumer, so I just implemented zitadel specifically, which is what I needed. I think I'd recommend doing the same for Keycloak.
I think keycloak is already implemented
As far as I can tell this issue is resolved