On Thu, Feb 03, 2022 at 07:16:01AM -0800, Jan Staněk wrote: > Hi list, > > tl;dr: Why is the Fedora ID server using HTTP communication by default? Fedora openid is using http because long ago when we started offering openid users were 'http://username.id.fedoraproject.org' and thus were tied to this identity. If we changed it, everyone using that openid would be a new different person to whoever they were authenticating. Some things to note: * openid is old, most places have dropped it. * There's only a few of our applications still using it and we are actively working on moving them off this year. * ipsilon (our current idp) does support openid, but there has been some thought of moving to keycloak, and it does not. For how openid works patrick did a class a long while back: https://meetbot-raw.fedoraproject.org/fedora-classroom/2013-02-22/fas-openid-class.2013-02-22-18.00.html really these days you want to move to OIDC or the like. kevin
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
