Atomic Data introduces a new self-sovereign public key based authentication mechanism. This has its merits (users are in full control of their identity, instead of servers), but pretty much everyone out there already settled on a standard: OpenID Connect. Supporting this helps achieve a few goals:

- Sign in with your existing OIDC account (google, facebook, or your company's SSO server). No need to create a new account!
TODO

- On starting AtomicServer, check presence of OAuth client + secrets in .env
- (maybe) check if the OAuth server token is valid? Can also check this when signing in a user

Flow

1. Front-end checks if server supports some OAuth provider (e.g. google)
2. If true, show a button for this provider in the RegisterSignIn component
3. When clicked, get a token from the OAuth provider.
4. Store the token (I assume this is stored as cookie, so nothing we need to do)
5. Client tells server to create user / sign in?
6. Server checks cookie / HTTP headers for token
7. Server validates token with OAuth provider
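The server-side half of the flow above, as an added example that is not part of the issue or of AtomicServer: a startup check that a provider is only offered when both its client id and secret are present in the environment, and the validation step that must run before the server trusts a token. Everything here is an assumption for illustration: the `OIDC_<PROVIDER>_CLIENT_ID` / `OIDC_<PROVIDER>_CLIENT_SECRET` variable names, the issuer URL, and the choice of HS256 (OpenID Connect Core allows ID tokens to be HMAC-signed with the client secret; most public providers use RS256 with a published JWKS instead, which needs an RSA library and is not shown). The `mint_test_id_token` helper stands in for the identity provider so the block runs offline.

```python
"""Added example: startup config check and ID-token validation for an OIDC
sign-in flow. Standard library only. Not AtomicServer code."""
import base64
import hashlib
import hmac
import json
import time

# Issuer URLs are constructed sample values, not real provider endpoints.
PROVIDERS = {
    "google": "https://accounts.example-idp.test",
}


def configured_providers(env):
    """Step 'check presence of OAuth client + secrets in .env'.
    A provider is advertised to the front end only if BOTH its client id
    and its secret are set (env var naming is an assumption of this example)."""
    found = []
    for name in PROVIDERS:
        key = name.upper()
        if env.get(f"OIDC_{key}_CLIENT_ID") and env.get(f"OIDC_{key}_CLIENT_SECRET"):
            found.append(name)
    return found


def _b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def _b64url_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()


def mint_test_id_token(claims, client_secret):
    """Constructed stand-in for the identity provider: returns an HS256 JWT."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(client_secret.encode(), f"{header}.{body}".encode(),
                   hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url_encode(sig)}"


class InvalidToken(Exception):
    pass


def validate_id_token(token, provider, client_id, client_secret,
                      expected_nonce, now=None):
    """Step 'server validates token': check signature, issuer, audience,
    expiry and nonce before trusting the subject. Returns the claims."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise InvalidToken("malformed token")
    header_b64, body_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    # Pin the algorithm we configured; never let the token pick it (e.g. "none").
    if header.get("alg") != "HS256":
        raise InvalidToken("unexpected alg")
    expected = hmac.new(client_secret.encode(),
                        f"{header_b64}.{body_b64}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise InvalidToken("bad signature")
    claims = json.loads(_b64url_decode(body_b64))
    if claims.get("iss") != PROVIDERS[provider]:
        raise InvalidToken("wrong issuer")
    aud = claims.get("aud")
    if aud != client_id and not (isinstance(aud, list) and client_id in aud):
        raise InvalidToken("wrong audience")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise InvalidToken("expired")
    # The nonce ties the token to the login request that started this flow.
    if claims.get("nonce") != expected_nonce:
        raise InvalidToken("nonce mismatch")
    if not claims.get("sub"):
        raise InvalidToken("no subject")
    return claims


if __name__ == "__main__":
    env = {"OIDC_GOOGLE_CLIENT_ID": "cid", "OIDC_GOOGLE_CLIENT_SECRET": "sec"}
    print("providers offered:", configured_providers(env))
    tok = mint_test_id_token({"iss": PROVIDERS["google"], "aud": "cid",
                              "sub": "user-1", "exp": int(time.time()) + 300,
                              "nonce": "n1"}, "sec")
    print("validated sub:", validate_id_token(tok, "google", "cid", "sec", "n1")["sub"])
```

Only after `validate_id_token` returns would the server look up or create the Agent for `claims["sub"]`; an issuer, audience or nonce failure is rejected before any account lookup happens.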
Commits & private key management
If we sign in using some external identity provider, we are redirected to some page. This could be an endpoint that registers a public key to an Agent, adding it to the Agent resource.
Link with email
We're probably not going to be an identity provider, so we can keep things simple. Still, it would make sense to have email support for things like notifications.
But what about signing in using a magic link? Should users be able to add new public keys using email without using OIDC / OAuth? #276