Hacker News | willow9886's comments

Check out the open source code on GitHub: https://github.com/panther-labs/panther


I tend to prefer the style GitHub has gone with. Easier to quickly identify new features of interest.


If you prefer that style maybe https://about.gitlab.com/upcoming-releases/ is helpful.


Would be great to be able to "upvote" features.


From a certain perspective, this is what the :+1: and :-1: reaction emojis are for, although I haven't checked to see if those are accessible via the issue API


Of course they are. The problem here is that every issue is locked so no one can react either.



For those of you interested in this topic, check out Internet Identity Workshop: https://internetidentityworkshop.com/

Great little "un-conference", hosted semi-annually in Mountain View, CA. Where a lot of the nuts and bolts were worked out for OpenID Connect.

In fact, today IIW 29 is coming to a close. Next gathering in April, 2020.


Basically, if you're a large org, you must be an OpenID Provider (OP). Optionally, you might also be a consumer.

If an org supports social login, for instance, they are likely a consumer and a provider.

The user authenticates at an external OP (like Apple or Google), but a local account (or "identity") is always created by the service provider, which should be stored in an OpenID Provider.

> but it's ultimately an identity that Apple owns.

I would say that's slightly inaccurate.. it's ultimately identity information that Apple owns. And of course, Apple owns your account with Apple.

But the minute you "sign in with Apple" to any service, they too are creating a local identity for you (sans password). That identity begins with the information provided by Apple (e.g. name, email address, etc.), but can expand over time to include additional information provided by the user, not Apple.


You are correct in that quite often who implements provider vs consumer depends largely on market position. There is technically no reason Apple can't become a consumer, other than they aren't interested in doing so. Also consider that, should Apple choose to eliminate your account, then you've lost whatever you use Apple to sign in with unless those downstream providers offer some kind of recovery mechanism.


> Also consider that, should Apple choose to eliminate your account, then you've lost whatever you use Apple to sign in with unless those downstream providers offer some kind of recovery mechanism.

Yes, some kind of recovery mechanism, some ability to set a local credential post-registration, or some ability to link and unlink external accounts, e.g. Sign in with Apple, then link your Google, FB, and GitHub accounts. Then, if you lose access to your Apple account, you still have additional options for authentication.

The latter two options are something I wish more organizations offered..!
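The linking and local-credential options from the comment above, as an added example (not part of the original comments and not any provider's code): a service provider's account store that keys each external login on the OpenID Connect issuer and subject, and refuses to unlink the last remaining sign-in method. It assumes the ID token has already been verified; the `AccountStore` class, its method names and the subject values used with it are hypothetical.

```python
import hashlib, hmac, os, uuid

class AccountStore:
    """Added example: local identities at a service provider, reachable via linked logins."""
    def __init__(self):
        self.accounts = {}  # local account id -> {"profile", "links", "pw"}
        self.by_link = {}   # (issuer, subject) -> local account id

    def sign_in(self, iss, sub, claims):
        """Map an already-verified ID token to a local account, creating it on first use."""
        key = (iss, sub)  # issuer+subject is the stable key; email can change
        if key not in self.by_link:
            acct = str(uuid.uuid4())
            self.accounts[acct] = {"profile": dict(claims), "links": {key}, "pw": None}
            self.by_link[key] = acct
        return self.by_link[key]

    def link(self, acct, iss, sub):
        """Attach another external login to an account whose owner is signed in."""
        key = (iss, sub)
        if self.by_link.get(key, acct) != acct:
            raise ValueError("external identity already belongs to another account")
        self.by_link[key] = acct
        self.accounts[acct]["links"].add(key)

    def set_password(self, acct, password):
        """Set a local credential after registration (salted PBKDF2, never plaintext)."""
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)
        self.accounts[acct]["pw"] = (salt, digest)

    def check_password(self, acct, password):
        if self.accounts[acct]["pw"] is None:
            return False
        salt, digest = self.accounts[acct]["pw"]
        attempt = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)
        return hmac.compare_digest(attempt, digest)

    def unlink(self, acct, iss, sub):
        """Detach an external login, but never the last way into the account."""
        account, key = self.accounts[acct], (iss, sub)
        if key not in account["links"]:
            raise KeyError("not linked to this account")
        if len(account["links"]) == 1 and account["pw"] is None:
            raise ValueError("refusing to remove the only sign-in method")
        account["links"].remove(key)
        del self.by_link[key]
```

With a second login linked or a local password set, losing the original external account no longer locks the user out of the local identity.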


Gluu writes its own software, like the OAuth2 Authorization Server, oxAuth, and bundles other open source software like the Shibboleth SAML IDP.


Why not a cloud provider like Google Identity, Okta, OneLogin, etc?


The Gluu Server bundles a fork of OpenDJ 3.0 for persistence, the last open source build. It also supports OpenLDAP, and will soon support Couchbase.


Why? If an author or maintainer of a FOSS project wants to highlight their own work, so the community might too benefit, what's the issue?


Well, calling yourself an unsung hero ... is maybe a bit, well, low. Usually others judge, who is a hero.


This isn't a Show HN post with an open bandwagon. It's about nominating underrecognized achievers, the recognizance of which is only objectively done by someone other than the subject in question.

