lila
Implement OpenID Connect expanding SSO capabilities
"OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol. It allows Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server, as well as to obtain basic profile information about the End-User in an interoperable and REST-like manner."
If Lichess were to implement this, it would enable SSO apps built on cloud platforms, such as WordPress and Firebase, that have database systems and expanded functionality.
This would make the development process a pleasure and enable the next generation of apps built with Lichess.
Potential frameworks to use: https://github.com/pac4j/http4s-pac4j https://www.playframework.com/documentation/2.8.x/ScalaOpenID https://openid.net/developers/certified/
Potential platforms that could help: https://developers.onelogin.com/openid-connect/enable-app https://www.authlete.com/
Blog resources: https://darutk.medium.com/full-scratch-implementor-of-oauth-and-openid-connect-talks-about-findings-55015f36d1c3
I want to work on the issue but I don't know what the outcome should be.
One use case is login via a Google account.
So on the login page there should be a login via Google button.
Implementing OpenID Connect also requires a change in the API.
I read the documentation on OpenID support in Play. Then I found two places to change the code.
In the OAuth controller I would change tokenApply and legacyTokenApply because they both start with an Action like in the tutorial.
I would appreciate guidance on how to tackle the implementation.
The goal here is that Lichess would be the provider to "Log in with Lichess" on third-party sites.