#fedcm — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #fedcm, aggregated by home.social.
-
One thing I really like about ATProto/Atmosphere is the concept of a PDS, or Personal Data Server, storing all your account data.
The other day someone announced https://bookhive.buzz, basically ATProto take on https://bookwyrm.social, but unlike Bookwyrm, which requires you to create a separate account, Bookhive lets you log in with your PDS, most commonly your Bluesky account.
That's actually pretty neat.
And we could have something similar with Federated Credential Management (FedCM).
https://developer.mozilla.org/en-US/docs/Web/API/FedCM_API
Here's a GitHub issue requesting this for Mastodon:
https://github.com/mastodon/mastodon/issues/4800
#fediverse #mastodon #FedCM #indieauth #SocialMedia #ATProto #PDS
-
One thing I really like about ATProto/Atmosphere is the concept of a PDS, or Personal Data Server, storing all your account data.
The other day someone announced https://bookhive.buzz, basically ATProto take on https://bookwyrm.social, but unlike Bookwyrm, which requires you to create a separate account, Bookhive lets you log in with your PDS, most commonly your Bluesky account.
That's actually pretty neat.
And we could have something similar with Federated Credential Management (FedCM).
https://developer.mozilla.org/en-US/docs/Web/API/FedCM_API
Here's a GitHub issue requesting this for Mastodon:
https://github.com/mastodon/mastodon/issues/4800
#fediverse #mastodon #FedCM #indieauth #SocialMedia #ATProto #PDS
-
One thing I really like about ATProto/Atmosphere is the concept of a PDS, or Personal Data Server, storing all your account data.
The other day someone announced https://bookhive.buzz, basically ATProto take on https://bookwyrm.social, but unlike Bookwyrm, which requires you to create a separate account, Bookhive lets you log in with your PDS, most commonly your Bluesky account.
That's actually pretty neat.
And we could have something similar with Federated Credential Management (FedCM).
https://developer.mozilla.org/en-US/docs/Web/API/FedCM_API
Here's a GitHub issue requesting this for Mastodon:
https://github.com/mastodon/mastodon/issues/4800
#fediverse #mastodon #FedCM #indieauth #SocialMedia #ATProto #PDS
-
One thing I really like about ATProto/Atmosphere is the concept of a PDS, or Personal Data Server, storing all your account data.
The other day someone announced https://bookhive.buzz, basically ATProto take on https://bookwyrm.social, but unlike Bookwyrm, which requires you to create a separate account, Bookhive lets you log in with your PDS, most commonly your Bluesky account.
That's actually pretty neat.
And we could have something similar with Federated Credential Management (FedCM).
https://developer.mozilla.org/en-US/docs/Web/API/FedCM_API
Here's a GitHub issue requesting this for Mastodon:
https://github.com/mastodon/mastodon/issues/4800
#fediverse #mastodon #FedCM #indieauth #SocialMedia #ATProto #PDS
-
One thing I really like about ATProto/Atmosphere is the concept of a PDS, or Personal Data Server, storing all your account data.
The other day someone announced https://bookhive.buzz, basically ATProto take on https://bookwyrm.social, but unlike Bookwyrm, which requires you to create a separate account, Bookhive lets you log in with your PDS, most commonly your Bluesky account.
That's actually pretty neat.
And we could have something similar with Federated Credential Management (FedCM).
https://developer.mozilla.org/en-US/docs/Web/API/FedCM_API
Here's a GitHub issue requesting this for Mastodon:
https://github.com/mastodon/mastodon/issues/4800
#fediverse #mastodon #FedCM #indieauth #SocialMedia #ATProto #PDS
-
Have you looked at FedCM yet?
Here is short video explaining what it is, and why the idp-registration feature could matter a lot for decentralized identity and login UX.
Learn more at https://liquid.surf/fedcm
-
Have you looked at FedCM yet?
Here is short video explaining what it is, and why the idp-registration feature could matter a lot for decentralized identity and login UX.
Learn more at https://liquid.surf/fedcm
-
Have you looked at FedCM yet?
Here is short video explaining what it is, and why the idp-registration feature could matter a lot for decentralized identity and login UX.
Learn more at https://liquid.surf/fedcm
-
Have you looked at FedCM yet?
Here is short video explaining what it is, and why the idp-registration feature could matter a lot for decentralized identity and login UX.
Learn more at https://liquid.surf/fedcm
-
Have you looked at FedCM yet?
Here is short video explaining what it is, and why the idp-registration feature could matter a lot for decentralized identity and login UX.
Learn more at https://liquid.surf/fedcm
-
This is pretty darn cool. I don't know a lot about IdP registration, but it looks like this could improve the Sign-In flow in decentralized ecosystems.
Did I copy pasta a lot of that to try and entice you to watch this video? Yes, yes I did.
-
This is pretty darn cool. I don't know a lot about IdP registration, but it looks like this could improve the Sign-In flow in decentralized ecosystems.
Did I copy pasta a lot of that to try and entice you to watch this video? Yes, yes I did.
-
This is pretty darn cool. I don't know a lot about IdP registration, but it looks like this could improve the Sign-In flow in decentralized ecosystems.
Did I copy pasta a lot of that to try and entice you to watch this video? Yes, yes I did.
-
This is pretty darn cool. I don't know a lot about IdP registration, but it looks like this could improve the Sign-In flow in decentralized ecosystems.
Did I copy pasta a lot of that to try and entice you to watch this video? Yes, yes I did.
-
This is pretty darn cool. I don't know a lot about IdP registration, but it looks like this could improve the Sign-In flow in decentralized ecosystems.
Did I copy pasta a lot of that to try and entice you to watch this video? Yes, yes I did.
-
Entendi corretamente?
O FedCM usa a própria API do navegador pra criar pop-up de login sem ter que enviar cookies ou sessão pras plataformas de login social?
Dá pra validar o usuário no IdP institucional sem expor tanto as contas aos rastreadores dos sites
https://developer.chrome.com/docs/identity/fedcm/overview?hl=pt-br
-
Entendi corretamente?
O FedCM usa a própria API do navegador pra criar pop-up de login sem ter que enviar cookies ou sessão pras plataformas de login social?
Dá pra validar o usuário no IdP institucional sem expor tanto as contas aos rastreadores dos sites
https://developer.chrome.com/docs/identity/fedcm/overview?hl=pt-br
-
Entendi corretamente?
O FedCM usa a própria API do navegador pra criar pop-up de login sem ter que enviar cookies ou sessão pras plataformas de login social?
Dá pra validar o usuário no IdP institucional sem expor tanto as contas aos rastreadores dos sites
https://developer.chrome.com/docs/identity/fedcm/overview?hl=pt-br
-
Entendi corretamente?
O FedCM usa a própria API do navegador pra criar pop-up de login sem ter que enviar cookies ou sessão pras plataformas de login social?
Dá pra validar o usuário no IdP institucional sem expor tanto as contas aos rastreadores dos sites
https://developer.chrome.com/docs/identity/fedcm/overview?hl=pt-br
-
Entendi corretamente?
O FedCM usa a própria API do navegador pra criar pop-up de login sem ter que enviar cookies ou sessão pras plataformas de login social?
Dá pra validar o usuário no IdP institucional sem expor tanto as contas aos rastreadores dos sites
https://developer.chrome.com/docs/identity/fedcm/overview?hl=pt-br
-
if you're interested in #atproto getting a better sign-in flow in browsers, please give this a thumbs up. #FedCM also if u know more about how this would benefit you, leave a comment following their template! github.com/web-platform...
Federated credential managemen... -
#FedCM is a proposed standard API for frictionless, privacy-preserving 𝐟𝐞𝐝𝐞𝐫𝐚𝐭𝐞𝐝 𝐥𝐨𝐠𝐢𝐧 on the web.
👉 Simplifies login for both 𝐮𝐬𝐞𝐫𝐬 & 𝐝𝐞𝐯𝐞𝐥𝐨𝐩𝐞𝐫𝐬.
✅ Already supported in 𝐂𝐡𝐫𝐨𝐦𝐢𝐮𝐦 𝐛𝐫𝐨𝐰𝐬𝐞𝐫𝐬.📰 Dive deeper in this #InfoQ article by Dan Moore: https://bit.ly/4n9BKcY
-
#FedCM is a proposed standard API for frictionless, privacy-preserving 𝐟𝐞𝐝𝐞𝐫𝐚𝐭𝐞𝐝 𝐥𝐨𝐠𝐢𝐧 on the web.
👉 Simplifies login for both 𝐮𝐬𝐞𝐫𝐬 & 𝐝𝐞𝐯𝐞𝐥𝐨𝐩𝐞𝐫𝐬.
✅ Already supported in 𝐂𝐡𝐫𝐨𝐦𝐢𝐮𝐦 𝐛𝐫𝐨𝐰𝐬𝐞𝐫𝐬.📰 Dive deeper in this #InfoQ article by Dan Moore: https://bit.ly/4n9BKcY
-
#FedCM is a proposed standard API for frictionless, privacy-preserving 𝐟𝐞𝐝𝐞𝐫𝐚𝐭𝐞𝐝 𝐥𝐨𝐠𝐢𝐧 on the web.
👉 Simplifies login for both 𝐮𝐬𝐞𝐫𝐬 & 𝐝𝐞𝐯𝐞𝐥𝐨𝐩𝐞𝐫𝐬.
✅ Already supported in 𝐂𝐡𝐫𝐨𝐦𝐢𝐮𝐦 𝐛𝐫𝐨𝐰𝐬𝐞𝐫𝐬.📰 Dive deeper in this #InfoQ article by Dan Moore: https://bit.ly/4n9BKcY
-
#FedCM is a proposed standard API for frictionless, privacy-preserving 𝐟𝐞𝐝𝐞𝐫𝐚𝐭𝐞𝐝 𝐥𝐨𝐠𝐢𝐧 on the web.
👉 Simplifies login for both 𝐮𝐬𝐞𝐫𝐬 & 𝐝𝐞𝐯𝐞𝐥𝐨𝐩𝐞𝐫𝐬.
✅ Already supported in 𝐂𝐡𝐫𝐨𝐦𝐢𝐮𝐦 𝐛𝐫𝐨𝐰𝐬𝐞𝐫𝐬.📰 Dive deeper in this #InfoQ article by Dan Moore: https://bit.ly/4n9BKcY
-
#FedCM is a proposed standard API for frictionless, privacy-preserving 𝐟𝐞𝐝𝐞𝐫𝐚𝐭𝐞𝐝 𝐥𝐨𝐠𝐢𝐧 on the web.
👉 Simplifies login for both 𝐮𝐬𝐞𝐫𝐬 & 𝐝𝐞𝐯𝐞𝐥𝐨𝐩𝐞𝐫𝐬.
✅ Already supported in 𝐂𝐡𝐫𝐨𝐦𝐢𝐮𝐦 𝐛𝐫𝐨𝐰𝐬𝐞𝐫𝐬.📰 Dive deeper in this #InfoQ article by Dan Moore: https://bit.ly/4n9BKcY
-
-
-
-
-
-
What's a good example for #FedCM in the wild? Are there any yet?
FedCM=Federated Credential Management https://developer.mozilla.org/en-US/docs/Web/API/FedCM_API
-
What's a good example for #FedCM in the wild? Are there any yet?
FedCM=Federated Credential Management https://developer.mozilla.org/en-US/docs/Web/API/FedCM_API
-
What's a good example for #FedCM in the wild? Are there any yet?
FedCM=Federated Credential Management https://developer.mozilla.org/en-US/docs/Web/API/FedCM_API
-
What's a good example for #FedCM in the wild? Are there any yet?
FedCM=Federated Credential Management https://developer.mozilla.org/en-US/docs/Web/API/FedCM_API
-
What's a good example for #FedCM in the wild? Are there any yet?
FedCM=Federated Credential Management https://developer.mozilla.org/en-US/docs/Web/API/FedCM_API
-
Indie social sign-in could go mainstream
https://blog.erlend.sh/indie-social-sign-in-could-go-mainstream
submitted by erlend_sh to fediverse3 points | 0 commentshttps://blog.erlend.sh/indie-social-sign-in-could-go-mainstreamBack in June I wrote about an exciting confluence of digital auth tech:
(1) The commodification of #OIDC infrastructure, (2) the emergence of #FedCM, (3) and the compatibility of both with #indieauth .
In short, it is now easier than ever to log into web applications using -
Indie social sign-in could go mainstream
https://blog.erlend.sh/indie-social-sign-in-could-go-mainstream
submitted by erlend_sh to fediverse3 points | 0 commentshttps://blog.erlend.sh/indie-social-sign-in-could-go-mainstreamBack in June I wrote about an exciting confluence of digital auth tech:
(1) The commodification of #OIDC infrastructure, (2) the emergence of #FedCM, (3) and the compatibility of both with #indieauth .
In short, it is now easier than ever to log into web applications using -
Indie social sign-in could go mainstream
https://blog.erlend.sh/indie-social-sign-in-could-go-mainstream
submitted by erlend_sh to fediverse3 points | 0 commentshttps://blog.erlend.sh/indie-social-sign-in-could-go-mainstreamBack in June I wrote about an exciting confluence of digital auth tech:
(1) The commodification of #OIDC infrastructure, (2) the emergence of #FedCM, (3) and the compatibility of both with #indieauth .
In short, it is now easier than ever to log into web applications using -
Back in June I wrote about an exciting confluence of digital auth tech:
(1) The commodification of #OIDC infrastructure, (2) the emergence of #FedCM, (3) and the compatibility of both with #indieauth .
In short, it is now easier than ever to log into web applications using your own website as an identity provider. Or at least, it would be, if your favorite web apps supported these agency-enhancing technologies.
https://blog.erlend.sh/indie-social-sign-in-could-go-mainstream
-
Back in June I wrote about an exciting confluence of digital auth tech:
(1) The commodification of #OIDC infrastructure, (2) the emergence of #FedCM, (3) and the compatibility of both with #indieauth .
In short, it is now easier than ever to log into web applications using your own website as an identity provider. Or at least, it would be, if your favorite web apps supported these agency-enhancing technologies.
https://blog.erlend.sh/indie-social-sign-in-could-go-mainstream
-
Back in June I wrote about an exciting confluence of digital auth tech:
(1) The commodification of #OIDC infrastructure, (2) the emergence of #FedCM, (3) and the compatibility of both with #indieauth .
In short, it is now easier than ever to log into web applications using your own website as an identity provider. Or at least, it would be, if your favorite web apps supported these agency-enhancing technologies.
https://blog.erlend.sh/indie-social-sign-in-could-go-mainstream
-
Back in June I wrote about an exciting confluence of digital auth tech:
(1) The commodification of #OIDC infrastructure, (2) the emergence of #FedCM, (3) and the compatibility of both with #indieauth .
In short, it is now easier than ever to log into web applications using your own website as an identity provider. Or at least, it would be, if your favorite web apps supported these agency-enhancing technologies.
https://blog.erlend.sh/indie-social-sign-in-could-go-mainstream
-
Back in June I wrote about an exciting confluence of digital auth tech:
(1) The commodification of #OIDC infrastructure, (2) the emergence of #FedCM, (3) and the compatibility of both with #indieauth .
In short, it is now easier than ever to log into web applications using your own website as an identity provider. Or at least, it would be, if your favorite web apps supported these agency-enhancing technologies.
https://blog.erlend.sh/indie-social-sign-in-could-go-mainstream
-
Anyone interested in single sign-on / #SSO? Want a new toy to play with? I've been experimenting with it recently, and now I've got something to share: an experimental demo of how a "Sign in with the Fediverse" mechanism might work.
If you have a Mastodon or Hubzilla account, or an IndieAuth-style self-hosted identity, I'd like to invite you to try and sign in to my test site at login.mythik.co.uk.
Headline features:- User authentication/authorization based on the Ory tools.
- Supports signing in using an existing Fediverse (or other) account - or one you host yourself
- Open source - well, not yet, but it could be, if people are interested in it
- Written by a non-expert! Woefully insecure! All manner of attacks, just waiting to be found! Invite your security expert friends to the party, and laugh together at the n00b! Fun for all the family!
Supported identity providers include:- Mastodon (must be a recent version that includes this pull request). mastodon.social is known to work.
- Hubzilla (any version). zotum.net is known to work.
- #IndieAuth / #FedCM
- Another instance of itself, using OpenID Connect
(There's a chance Streams might work, too.)
Protocols supported:- #OIDC Discovery
- Client ID Metadata Document
- FedCM for IndieAuth
- #OpenWebAuth
- A method using the Mastodon API
- Classic (non-FedCM) IndieAuth (if you're lucky; I found this very hard to test, and had various problems with it)
- My original experiments used Dynamic Client Registration but I've moved away from this.
If you can get it to work - share a screenshot and let me know what you think!
(I'll try to keep this running for a while, but I can't guarantee it - partly because I haven't finished trying to attack it yet. If I have to take it down for some reason, I'll edit this post to say so.) -
Anyone interested in single sign-on / #SSO? Want a new toy to play with? I've been experimenting with it recently, and now I've got something to share: an experimental demo of how a "Sign in with the Fediverse" mechanism might work.
If you have a Mastodon or Hubzilla account, or an IndieAuth-style self-hosted identity, I'd like to invite you to try and sign in to my test site at login.mythik.co.uk.
Headline features:- User authentication/authorization based on the Ory tools.
- Supports signing in using an existing Fediverse (or other) account - or one you host yourself
- Open source - well, not yet, but it could be, if people are interested in it
- Written by a non-expert! Woefully insecure! All manner of attacks, just waiting to be found! Invite your security expert friends to the party, and laugh together at the n00b! Fun for all the family!
Supported identity providers include:- Mastodon (must be a recent version that includes this pull request). mastodon.social is known to work.
- Hubzilla (any version). zotum.net is known to work.
- #IndieAuth / #FedCM
- Another instance of itself, using OpenID Connect
(There's a chance Streams might work, too.)
Protocols supported:- #OIDC Discovery
- Client ID Metadata Document
- FedCM for IndieAuth
- #OpenWebAuth
- A method using the Mastodon API
- Classic (non-FedCM) IndieAuth (if you're lucky; I found this very hard to test, and had various problems with it)
- My original experiments used Dynamic Client Registration but I've moved away from this.
If you can get it to work - share a screenshot and let me know what you think!
(I'll try to keep this running for a while, but I can't guarantee it - partly because I haven't finished trying to attack it yet. If I have to take it down for some reason, I'll edit this post to say so.) -
Anyone interested in single sign-on / #SSO? Want a new toy to play with? I've been experimenting with it recently, and now I've got something to share: an experimental demo of how a "Sign in with the Fediverse" mechanism might work.
If you have a Mastodon or Hubzilla account, or an IndieAuth-style self-hosted identity, I'd like to invite you to try and sign in to my test site at login.mythik.co.uk.
Headline features:- User authentication/authorization based on the Ory tools.
- Supports signing in using an existing Fediverse (or other) account - or one you host yourself
- Open source - well, not yet, but it could be, if people are interested in it
- Written by a non-expert! Woefully insecure! All manner of attacks, just waiting to be found! Invite your security expert friends to the party, and laugh together at the n00b! Fun for all the family!
Supported identity providers include:- Mastodon (must be a recent version that includes this pull request). mastodon.social is known to work.
- Hubzilla (any version). zotum.net is known to work.
- #IndieAuth / #FedCM
- Another instance of itself, using OpenID Connect
(There's a chance Streams might work, too.)
Protocols supported:- #OIDC Discovery
- Client ID Metadata Document
- FedCM for IndieAuth
- #OpenWebAuth
- A method using the Mastodon API
- Classic (non-FedCM) IndieAuth (if you're lucky; I found this very hard to test, and had various problems with it)
- My original experiments used Dynamic Client Registration but I've moved away from this.
If you can get it to work - share a screenshot and let me know what you think!
(I'll try to keep this running for a while, but I can't guarantee it - partly because I haven't finished trying to attack it yet. If I have to take it down for some reason, I'll edit this post to say so.) -
Just learned about the "Federated Credential Management API" #FedCM - a new proposal that adds browser support for managing delegated authentication workflows #OAuth #OIDC. It already looks great, but could be expanded with user-centric identity provider registration for more decentralization, as explained here: https://www.liquid.surf/2024/2/7/Can-FedCM-improve-Solid-login-flow