Just like apps and websites implement “Sign in with Apple” and Google couldn’t we build some kind of federated authentication provider? Then everyone creates an account there and fedi apps can implement an easy way to authenticate users. Even non fedi apps could use it. I imagine user interaction between different fediverse platforms would be much easier too.

I guess could run an auth instance. Ideally everyone would run their own, keeping your data safe.

Is there something likes this already? Saw some discussion here but not much else https://socialhub.activitypub.rocks/t/single-sign-on-for-fediverse/712

  • Gladaed@feddit.org
    link
    fedilink
    English
    arrow-up
    19
    ·
    12 hours ago

    But why? Just use a password manager instead of tying your identity to a Lemmy instance which you do not control.

    Having SSO is reliant on having a single trusted server which has your password instead of you maintaining it yourself. This is just an unnecessary risk.

    • tomatol@lemm.eeOP
      link
      fedilink
      English
      arrow-up
      4
      arrow-down
      1
      ·
      edit-2
      12 hours ago

      I mean a federated authentication server that you can host yourself if you want.

      I don’t understand what you mean about using a password manager, you can still do that. Also your identity is tied to a lemmy instance right now anyway.

      • Gladaed@feddit.org
        link
        fedilink
        English
        arrow-up
        6
        ·
        11 hours ago

        My Lemmy instance only owns this account, not secondary accounts on separate websites

        • tomatol@lemm.eeOP
          link
          fedilink
          English
          arrow-up
          1
          arrow-down
          1
          ·
          10 hours ago

          Right well I guess your concerns also apply to apple sso, google and sso in general. I don’t think it’s something you would use but mainstream users might definitely appreciate the feature.

          • Ulrich@feddit.org
            link
            fedilink
            English
            arrow-up
            5
            ·
            9 hours ago

            No one should be using any of that. People use that because they don’t understand how password managers work.

            • tomatol@lemm.eeOP
              link
              fedilink
              English
              arrow-up
              1
              arrow-down
              2
              ·
              9 hours ago

              It sound like this is just not for you then. Yep password managers are not user friendly. Single tap sign in button is. Is it less secure? Probably. You’d still have the option to login regularly.

              After all the fediverse is for social media. It should be easy to use for the masses. It also means you won’t be storing your bank info in a fediverse app so the damage is not that bad if someone hacks you. Instagram and tiktok accounts get hacked all the time btw and it’s not the end of the world.

              • Ulrich@feddit.org
                link
                fedilink
                English
                arrow-up
                3
                ·
                8 hours ago

                password managers are not user friendly.

                It doesn’t sound like you’ve used a password manager

                Single tap sign in button is.

                Single tap sign in is available in password managers via passkeys.

                Is it less secure?

                It is as secure as the service you’re using to sign in. What it’s not is private.

                Again, no one should be using this and we certainly should not be encouraging anyone to use it.

                Instagram and tiktok accounts get hacked all the time btw and it’s not the end of the world.

                For many of those people, it is a giant problem.

      • Ulrich@feddit.org
        link
        fedilink
        English
        arrow-up
        3
        ·
        edit-2
        9 hours ago

        I don’t understand what you mean about using a password manager

        There’s no point in using a password manager in your scenario. It’s redundant.

        Also your identity is tied to a lemmy instance right now anyway.

        It’s not, actually. But even if it were I wouldn’t create a profile web of accounts that are all linked together by my Lemmy account.

      • haverholm@kbin.earth
        link
        fedilink
        arrow-up
        1
        ·
        11 hours ago

        I think I understand the self hosted identity server part, and authenticating with it on different sites. But what is the federated element you’re talking about? What would that instance federate, and with whom?

        If we’re moving into a single sign-on for several federated accounts, that’s cool. People have been asking for that for ages! But the identity provider itself wouldn’t (need to) be federated for that to work, right?

        • tomatol@lemm.eeOP
          link
          fedilink
          English
          arrow-up
          1
          ·
          9 hours ago

          I’m guessing it would have to federate with whatever platform decides to implement the single sign on feature. Not sure will leave the details to smarter people haha. Hope some day it could be implemented because it would be pretty useful if it can be done in a secure way.