hellekin is a user on s10y.eu. You can follow them or interact with them if you have an account anywhere in the fediverse. If you don't, you can sign up here.

@miwilc @how I'd not use this website/app/service whatever

@alexmercier @how if its a necessary site, it would be the best one to use in this case

@miwilc @how indeed. Hopefully it wont be merge with Microsoft account.

@how
Can Mastodon OAuth be a thing? Because the only one I use now is GitLab, and it's rare

@notabene Because the name is not important, I stumbled upon it, but it's not the first time it happens. However it's the first time I can see all four of auth providers (T, G, F, M) without an alternative.

@how @notabene it would be helpful so other people can both avoid and warn others of the site

@how @Gargron Wot no "Auth with Mastodon" option! ;-P
But seriously, would a "0TrackAuth" be 100% pointless?

@how The first three suck but I thought everyone here is on Github.That's the best one of that four.

@nipos In case you didn't notice, @defunkt sold out to M$. So no, it won't stick as an acceptable solution. Already hundreds of projects moved away from Github, and I'm sure more will.

As far as free software is concerned, Github is bound to become a leaf in the system, not a main zone -- was it ever? I remember heated discussions with @defunkt regarding, e.g., chooseyourlicense.com and his position on the GPL.

Now, who wants a PRISM company to track their logins?

@how I know that Github has been sold to M$ and I already moved my own project to an open source solution but I think Github will stay the number one platform to contribute to other projects and as I can't delete my account if I want to contribute to others,I can still use that account for third party logins.At least it doesn't suck as much as Google,Facebook and Twitter do.I don't have an account there,I hate them and I don't need them.

@nipos You're saying that M$ does not suck as much as G, F or T. I can't understand why frankly. They're in the same boat.

I guess Twitter is the lesser evil although since I use Mastodon I have no use for it.

Github will certainly stay, like G and F, but I won't be there anymore -- never have used M$, never will. If I want to contribute to some project hosted there, I can use Git without Github. Or they can do without me, yes?

@shadow8t4 It's about trust and the open Internet.

@how ok I get that, I just don't understand the context of the picture. Where is it from?

@how Advantages of OAuth-only authentication: you don't have to keep a base of logins/passwords (or even a base of users).

Inconvenients: you exclude everyone who doesn't have an account on the few authentication providers you support.

@Feufochmar There's no reason to support only some OAuth providers, as there's no reason to grant all access to all OAuth providers on your data. Yet, the current implementations of OAuth only bring an all-or-nothing and you-know-me solutions.

Proper implementation would:
- authenticate with ANY provider
- grant only what the site believes is OK -- and that implies eventual restrictions on untrusted OAuth providers.

@how The problem with OAuth is that you can't get any user info (like the display name or user id) with the OAuth end-point API. The OAuth only tell you if the authentication succeeded or failed.

You have to make a call against a non-normalized API to get the user info from a OAuth provider. So you can't enable a provider without some associated code to support it. Furthermore, the authorisations you can ask to a provider are specific to that provider (ex: Mastodon has read/write/follow).

@how
LOG ME IN WEBSITE
(CAN'T LOGIN)
LOG ME IN WEBSITE
(NO FACEBOOK)
JUST LET ME TYPE MY NAME INTO YOUR FORM
(LOG ME IN)
-Katie

@how Exactly. I can't wait to click somewhere else either.