@how @Gargron Wot no "Auth with Mastodon" option! ;-P
But seriously, would a "0TrackAuth" be 100% pointless?

@how The first three suck but I thought everyone here is on Github.That's the best one of that four.

@nipos In case you didn't notice, @defunkt sold out to M$. So no, it won't stick as an acceptable solution. Already hundreds of projects moved away from Github, and I'm sure more will.

As far as free software is concerned, Github is bound to become a leaf in the system, not a main zone -- was it ever? I remember heated discussions with @defunkt regarding, e.g., chooseyourlicense.com and his position on the GPL.

Now, who wants a PRISM company to track their logins?

@how I know that Github has been sold to M$ and I already moved my own project to an open source solution but I think Github will stay the number one platform to contribute to other projects and as I can't delete my account if I want to contribute to others,I can still use that account for third party logins.At least it doesn't suck as much as Google,Facebook and Twitter do.I don't have an account there,I hate them and I don't need them.

@nipos You're saying that M$ does not suck as much as G, F or T. I can't understand why frankly. They're in the same boat.

I guess Twitter is the lesser evil although since I use Mastodon I have no use for it.

Github will certainly stay, like G and F, but I won't be there anymore -- never have used M$, never will. If I want to contribute to some project hosted there, I can use Git without Github. Or they can do without me, yes?

@how ok I get that, I just don't understand the context of the picture. Where is it from?

@how Advantages of OAuth-only authentication: you don't have to keep a base of logins/passwords (or even a base of users).

Inconvenients: you exclude everyone who doesn't have an account on the few authentication providers you support.

@Feufochmar There's no reason to support only some OAuth providers, as there's no reason to grant all access to all OAuth providers on your data. Yet, the current implementations of OAuth only bring an all-or-nothing and you-know-me solutions.

Proper implementation would:
- authenticate with ANY provider
- grant only what the site believes is OK -- and that implies eventual restrictions on untrusted OAuth providers.

@how The problem with OAuth is that you can't get any user info (like the display name or user id) with the OAuth end-point API. The OAuth only tell you if the authentication succeeded or failed.

You have to make a call against a non-normalized API to get the user info from a OAuth provider. So you can't enable a provider without some associated code to support it. Furthermore, the authorisations you can ask to a provider are specific to that provider (ex: Mastodon has read/write/follow).


Sign in to participate in the conversation
Une fois pour TOOT! A Mastodon in Brussels

Une fois pour TOOT !

This instance is provided by Petites Singularités ASBL for like-minded people in Brussels and elsewhere.

We speak English, French, Dutch.

P.S.: works with free software and grassroots activists across disciplines, ranging from agro-ecology to cartography, libre aesthetics & ethics, (self-)organization & policy.

Discuss this on ps.zoethical.org.

Support this instance

Donate using Liberapay

Send donations to IBAN BE16 3630 1548 4674 (Petites Singularités ASBL) with mention ps.s10y.eu (and your name if and only if you want to be credited): we publish donations as we receive them, and expenses. Yearly service is expected to cost ~ 150 € (without sysadmin expenses.)

“We've got to fight the government, fight the oligarchy, fight capitalism, be internationalist and fight the empire because it's the best hope to enrich hundreds of millions of lives, and build towards a truly equitable future.”
— Abby Martin


  • Use English, French, or Flemish on this instance. Other languages will be excluded.
  • Be excellent to each other! We reserve the right to ban anyone who doesn't comply.
  • Fight the power!

Break in Case of Emergency

If you have any problem with someone on this instance, thank you to flag messages appropriately and contact the staff.

As this is a federated network, we expressly forbid contents such as: spam, pornography without NSFW tag, hate speech, racism, sexism, consumerism, corporatism, and nationalism.

Your Friendly Staff

@how, @natacha.