
My problem with it being called OpenID Connect is that, in my head, an OpenID is a noun which means "a URL that you can use as your identity and prove that you own".

That definition doesn't work for OpenID Connect. Is OpenID a noun any more? I don't think it is.



OpenID Connect can totally work that way if used with WebFinger for endpoint discovery, and occasionally this is implemented (though many websites do not).


Hm, so the point of adding this additional hop (which is also a JSON under the .well-known/ prefix) is that I can always put the domain of my homepage into WebFinger-aware OIDC login boxes, no need to remember the domain of my OIDC provider?


Yes. This is how, for example, Tailscale implements bring-your-own identity provider: https://tailscale.com/blog/custom-oidc

It is, to date, the only non-selfhosted service with which I can use my self-hosted SSO setup.
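
The two-hop lookup discussed in the comments above, as an added example (not part of the thread and not Tailscale's code): the WebFinger query built from an email-style identifier, the issuer read from the response, and the provider metadata URL derived from it. The hosts `example.com` and `sso.example.net` and both sample responses are constructed, and the function names are illustrative.

```python
import json
from urllib.parse import urlencode, urlsplit

# Link relation defined by OpenID Connect Discovery 1.0 for issuer lookup.
ISSUER_REL = "http://openid.net/specs/connect/1.0/issuer"

def webfinger_url(identifier):
    """First hop: WebFinger query on the identifier's own domain (user@host)."""
    user, sep, host = identifier.rpartition("@")
    if not sep or not user or not host or "/" in host:
        raise ValueError("expected user@host")
    query = urlencode({"resource": "acct:" + identifier, "rel": ISSUER_REL})
    return "https://%s/.well-known/webfinger?%s" % (host.lower(), query)

def issuer_from_jrd(jrd_text):
    """Pull the OIDC issuer out of a WebFinger JRD response body."""
    for link in json.loads(jrd_text).get("links", []):
        if link.get("rel") != ISSUER_REL:
            continue
        issuer = link.get("href", "")
        parts = urlsplit(issuer)
        # An issuer must be an https URL with no query or fragment.
        if parts.scheme != "https" or not parts.netloc or parts.query or parts.fragment:
            raise ValueError("unacceptable issuer: %r" % issuer)
        return issuer
    raise LookupError("no OIDC issuer link in WebFinger response")

def provider_config_url(issuer):
    """Second hop: location of the provider metadata JSON."""
    return issuer.rstrip("/") + "/.well-known/openid-configuration"

def metadata_matches(issuer, metadata_text):
    """The metadata's issuer must equal the one WebFinger pointed to."""
    return json.loads(metadata_text).get("issuer") == issuer

# Constructed sample responses (not captured from any real service).
SAMPLE_JRD = json.dumps({
    "subject": "acct:alice@example.com",
    "links": [{"rel": ISSUER_REL, "href": "https://sso.example.net"}],
})
SAMPLE_METADATA = json.dumps({"issuer": "https://sso.example.net"})

if __name__ == "__main__":
    print(webfinger_url("alice@example.com"))
    found = issuer_from_jrd(SAMPLE_JRD)
    print(provider_config_url(found), metadata_matches(found, SAMPLE_METADATA))
```

The issuer comparison in `metadata_matches` is what keeps a WebFinger response from silently steering a login to metadata published under a different issuer.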


I feel like I remember StackOverflow (and related sites) having OpenID login as an option, but I don't see it anymore. I figure they removed it due to low popularity.


> removed it due to low popularity

Gotta get that sweet sweet SSO Tax revenue, and justify it by blaming setup and integration expense for SAML?


SourceForge used to have it too!



