Re: Salsa as authentication provider for Debian
On Tue, Apr 7, 2020 at 6:23 PM Bastian Blank wrote:
> No, not really. The services ask the SSO service for the identity of
> the user and get an attestation back. So each service needs to handle
> it's own login.
Hmm, the OIDC documentation I've been able to find seemed to indicate
the login request on a service gets redirected to the OIDC provider,
which then redirects back to the service.
Is there any documentation and diagrams on the typical request flows
between the browser the servers involved that happens with OIDC?
Is there an OIDC demo site somewhere so that I can see the requests
between the browser and the servers involved and see which browser
features OIDC uses and requires in practice?
> However, I don't know how a moderation workflow should work.
I'd like to see this happen via a "welcome" team. You register an
account with a paragraph about why you're signing up, your account
gets moderated and you receive a welcome email from the team with tips
related to your signup paragraph and to the service where you started
the registration flow, for eg people starting their registration on
the wiki might get a link to the wiki editor guide.
https://wiki.debian.org/Welcome
> How many new users per day do you get?
Usually one or two users per day to moderate between Steve and myself,
sometimes more, especially during events. Our setup is less optimal
for people who don't have email addresses or read errors so there are
probably some who aren't contacting us to get an account. Also, to
reduce friction for existing FLOSS folks we have a list of related
email domains that do not need prior approval.
Do we know which other FLOSS related groups Debian's OIDC setup could
leverage for additional context at initial account creation? Or are we
thinking that we would use email, GitHub, GitLab, Twitter, Facebook
etc for that?
--
bye,
pabs
https://wiki.debian.org/PaulWise
Reply to: