@alexmercier @how if it's a necessary site, it would be the best one to use in this case

@miwilc @how indeed. Hopefully it won't be merged with Microsoft account.

@alexmercier @miwilc @how Check out this Credit Card Processing startup that only lets you log in with Google, and pulls in 3rd party scripts from Twitter & Quora on their login page. How is this PCI compliant?


@mastodan @alexmercier @miwilc @how that's a lot of surveillance script for a login page with just G+ available.

I'm not a PCI expert but it doesn't seem like there is a check for surveillance script on login page.

@alexmercier @miwilc @how Pretty sure the PCI data security standard doesn't require you to run a script to check for other scripts on a webpage. Otherwise this site would be non-compliant.

Can Mastodon OAuth be a thing? Because the only one I use now is GitLab, and it's rare

@notabene Because the name is not important, I stumbled upon it, but it's not the first time it happens. However it's the first time I can see all four of auth providers (T, G, F, M) without an alternative.

@how @notabene it would be helpful so other people can both avoid and warn others of the site

@how @Gargron Wot no "Auth with Mastodon" option! ;-P
But seriously, would a "0TrackAuth" be 100% pointless?

@how The first three suck but I thought everyone here is on Github. That's the best one of those four.

@nipos In case you didn't notice, @defunkt sold out to M$. So no, it won't stick as an acceptable solution. Already hundreds of projects moved away from Github, and I'm sure more will.

As far as free software is concerned, Github is bound to become a leaf in the system, not a main zone -- was it ever? I remember heated discussions with @defunkt regarding, e.g., chooseyourlicense.com and his position on the GPL.

Now, who wants a PRISM company to track their logins?

@how I know that Github has been sold to M$ and I already moved my own project to an open source solution but I think Github will stay the number one platform to contribute to other projects and as I can't delete my account if I want to contribute to others, I can still use that account for third party logins. At least it doesn't suck as much as Google, Facebook and Twitter do. I don't have an account there, I hate them and I don't need them.

@nipos You're saying that M$ does not suck as much as G, F or T. I can't understand why frankly. They're in the same boat.

I guess Twitter is the lesser evil although since I use Mastodon I have no use for it.

Github will certainly stay, like G and F, but I won't be there anymore -- never have used M$, never will. If I want to contribute to some project hosted there, I can use Git without Github. Or they can do without me, yes?

@shadow8t4 It's about trust and the open Internet.

@how ok I get that, I just don't understand the context of the picture. Where is it from?

@how Advantages of OAuth-only authentication: you don't have to keep a base of logins/passwords (or even a base of users).

Disadvantages: you exclude everyone who doesn't have an account on the few authentication providers you support.

@Feufochmar There's no reason to support only some OAuth providers, as there's no reason to grant all access to all OAuth providers on your data. Yet, the current implementations of OAuth only bring all-or-nothing and you-know-me solutions.

Proper implementation would:
- authenticate with ANY provider
- grant only what the site believes is OK -- and that implies eventual restrictions on untrusted OAuth providers.

@how The problem with OAuth is that you can't get any user info (like the display name or user id) with the OAuth end-point API. OAuth only tells you if the authentication succeeded or failed.

You have to make a call against a non-normalized API to get the user info from an OAuth provider. So you can't enable a provider without some associated code to support it. Furthermore, the authorisations you can ask of a provider are specific to that provider (ex: Mastodon has read/write/follow).


@how Exactly. I can't wait to click somewhere else either.

Une fois pour TOOT! A Mastodon in Brussels