Use new openID Connect support for ipsilon
OpenID 1 as we use it currently is deprecated. OpenID Connect is what all users should switch to.
- Use Google-compatible ipsilon profile via OAuth2
- See https://ipsilon-project.org/doc/example/google-apps.html
- See https://openid.net/developers/specs/
#1 Updated by kraih about 2 months ago
Migration guide from OpenID 2.0 to OpenID Connect. https://openid.net/specs/openid-connect-migration-1_0.html
#2 Updated by kraih about 2 months ago
The Ipsilon documentation is really bad, but the OpenID Connect test might be enough to figure out the URLs. https://pagure.io/ipsilon/blob/master/f/tests/openidc.py
#4 Updated by mkittler about 2 months ago
Apparently OpenID Connect is already activated in ipsilon and smelt uses it: https://gitlab.suse.de/tools/smelt/-/commit/9428004d6a279c26bddd87fff0e99f7dc47f10b2#12ec8689d9458e264dba06e5ba0ab093ed87043f_595_605
bmwiedemann still has to configure something to allow O3 and OSD access (no idea what), but he'll do that later today.
#5 Updated by kraih about 2 months ago
Apparently OpenID Connect does not yet "just work" with
Mojolicious::Plugin::OAuth2 and requires some manual additions to the workflow. https://github.com/convos-chat/convos/commit/80308a7b6fb240dd4f93c743c8a132e2b532114c
There is a fair chance that it will get added as a native feature soon though. If this ever becomes a higher priority i could probably finish the
Mojolicious::Plugin::OAuth2 patch too.