Activity Pub SSO

oceatoon · March 31, 2023, 8:10am

We are wondering is there something out there using AP as an SSO process
We could install on any AP instance, login with my AP account > enter helloworld@anything.social
this would send a validation process to that account and come back with a registered token
and just like an SSO open the door to contributing inside that instance
does something like this exist ?

helge · March 31, 2023, 10:53am

With ActivityPub Client to Server this is trivally the case, as I described on Helge's blog: BIN-2 Moo Client Registration Flow. It might be possible to modify existing FediVerse software to act as ActivityPub Clients. However, this might be quite involved as one needs to unentangle a lot of stuff.

trwnh · March 31, 2023, 11:01pm

“AP SSO” doesn’t really make sense, since AP is just about transport (POST to inbox).

Look instead to OpenID Connect (generic identity provider, IdP) or IndieAuth (identifying as a URL) or RelMeAuth (like IndieAuth, but using a linked identity with OpenID Connect)

macgirvin · April 3, 2023, 6:10am

That’s nearly a perfect description of OpenWebAuth. It basically uses webfinger and http-signatures, and essentially links your browser session on the current instance to your browser session on your home instance (or instances in the case of Zot/Nomad).

We would promote it as a fediverse specification except for the fact that just like ActivityPub, we’re tying it to an outdated http-signatures spec. I think we should just grab a copy of draft-cavage-http-signatures > 10 and freeze it and call it the fediverse’s supported mechanism - because it already is.

oceatoon · April 4, 2023, 5:19am

That’s super interesting in many ways ,
if we add a verb authenticate + openWebAuth , we could make it run just like a follow
where any user would validate their own account themselves to be a valid user on any other AP plateform
We are going to implement it as if it exist and it will work between 2 communecter instances
if any platform would like to implement it , that would a great begining in giving cross platform multi context contribution capabilities to our AP communities

helge · April 4, 2023, 9:35am

If you implement something with an expectation that other people might want to implement similar things, please consider writing a FEP.