kcoin icon indicating copy to clipboard operation
kcoin copied to clipboard

Published 20 hours ago verified publisher icon kaiyuanshe

Setup a dedicated identity provider for kaiyuanshe.cn

Open adieu opened this issue 6 years ago • 0 comments

Currently the authentication flow is very simple:

+--------+
| Github |
+---+----+
    |
    v
+---+----+
|  Web   |
+---+----+
    |
    v
+---+----+
| Server |
+--------+

To make the whole system more pluggable and welcoming developers from different background, I suggest to setup a dedicated identity provider just like linux foundation did at https://identity.linuxfoundation.org/

The target architecture could be something like this:

+---------+   +--------+   +--------+
| Google  |   | Github |   | Email  |
+----+----+   +---+----+   +----+---+
     |            |             |
     |            |             |
+----v------------v-------------v---+
|           Identity Provider       |
+----+------------+-------------+---+
     |            |             |
     |            |             |
+----v----+   +---v----+   +----v---+
|  Web    |   | Server |   | Store  |
+---------+   +--------+   +--------+

I have experience setting up an identity provider using dex ( https://github.com/dexidp/dex ) with great success. There are other open source idp systems out there. As long as they all support openid connect, we could use any of them.

adieu avatar Dec 14 '18 04:12 adieu