
I'm not sure if I understood you correctly. Delegation of authentication usually implies trust between the two parties. GitLab (the hosted version) probably does not trust stravros.io enough to allow people to log in through there.

Portier indeed looks very nice; maybe I'll set up a tutorial on how to get those two working together to get full Authentication (portier) + Authorization (Hydra) using only open source technology.




Why does GitLab have to trust anyone? It's the user that has to trust stravros.io not to tell GitLab that other people are authorized.

It's no different than a regular email/password (with password recovery): if I register with user@stravros.io, then that email server becomes empowered to give access to the GitLab account to anyone it wants. But that's not GitLab's problem.

See also OpenID.


Exactly, and OpenID Connect adds an authentication layer over OAuth2 for this exact purpose. If we manage to build that future, it will be very useful and quite exciting, at least to me. There won't be compromised passwords any longer, just the one password you can easily change.


You are ten years too late. The original OpenID did exactly this, and quite a few sites (especially tech focussed sites) let you sign in with it. Except then along came Google and Facebook with their proprietary login systems, and everyone jumped ship to those as they offered access to profiles rather than just a domain and possibly email address.


We first worked on this problem at Netscape just after the AOL acquisition in 1998. It turns out to be impossible because: show me the money. Something we figured out within a few weeks back then.


Which is precisely why DNS and SMTP have failed miserably.


Please elaborate on how DNS has failed? It seems to me that everyone uses DNS all the time and it is an essential component of the Internet as we know it, but you and I may have differing notions of failure.


I assume he was being sarcastic


Anyone would think the internet has become more closed in recent years or something


> You are ten years too late.

As in, what I want has been working for ten years?

I'm obviously not late at all, since websites still won't let me delegate my auth.


The few that allowed OpenID 10 years ago did let you delegate your auth. OAuth and OpenID Connect killed that.


I don't care that some technology exists. I want it to be widespread. OpenID had huge usability problems.


Not just the data but also using Facebook or Google accounts means your users are much more likely to be real people instead of spam bots.


If you have questions for the portier side of things for that, send me a mail (in profile). A tutorial like that would be very cool.



