friend icon indicating copy to clipboard operation
friend copied to clipboard
verified publisher icon cemerick

Eliminate "classic" OpenId support

Open cemerick opened this issue 12 years ago • 8 comments

cemerick avatar Jan 13 '13 15:01 cemerick

Are you still considering doing this? Also it might make sense to do something similar for http-basic for consistency reason, to cleanly separate core from specifics and because it depends on commons-codec.

If you are ok with it I would be happy to move forward and proceed with the split. BTW any preferences between lein-modules and lein-sub? lein-modules seems like a stronger alternative.

jeluard avatar Sep 07 '14 12:09 jeluard

Yes, this needs to happen. But, I was going to put the code in a separate repo, not just a separate project. The pains and needs of those working with OpenID shouldn't necessarily affect friend releases, and vice versa.

But, I could live with a lein-modules arrangement, if you're game for setting that up.

cemerick avatar Sep 09 '14 03:09 cemerick

Actually a separate repo is probably much simpler and reduce the general noise. That's probably the best option. Let me know how I can help if you follow this path.

jeluard avatar Sep 09 '14 04:09 jeluard

Unless you're interested in taking over maintenance of the OpenID workflow entirely, I think it's something I just need to make time to do. If that's something you are interested in, then there's all sorts of details that should be worked out…

cemerick avatar Sep 09 '14 04:09 cemerick

Honestly I am not very interested in maintaining it. Actually I was curious about the state of this issue because I don't use openid and all the weird libraries it pulls scare me a little :)

jeluard avatar Sep 09 '14 04:09 jeluard

Heh, understandable. So, hopefully I'll get around to this sooner rather than later. Until then, :exclusions is your friend (ba-da-dum!).

cemerick avatar Sep 09 '14 04:09 cemerick

Changing this to eliminate the "legacy" openid support entirely. OpenId has transitioned to be a layer on top of oauth (called "OpenId Connect"), and there is already a workflow for this incarnation of it: https://github.com/Mayvenn/friend-google-openid

More generally, it's clear that oauth is the authz protocol going forward, flavoured as it is by various additional standards and implementations. This makes the decision to nix "classic" openid support much easier.

cemerick avatar Jan 05 '17 16:01 cemerick

Steam, the largest digital distribution platform for PC gaming, uses OpenID 2.0 still and apparently has no plans to change this (more info). It'd be really great if this could be kept in Friend for the upcoming release, rather than being removed, since there are clearly still some big players in the game who're using it.

I don't know what its maintenance costs are but, for a non-volatile spec which has been implemented and is working, I'd guess it's not too high. Aside from assumed lack of need, are there key reasons for removing OpenID 2.0 support?

jeaye avatar Jul 11 '18 05:07 jeaye