top | item 34095302

(no title)

schwap | 3 years ago

The standards for this experience exist with OIDC Discovery[1] and Dynamic Client Registration[2], unfortunately they aren't used but it's not because it isn't supported.

[1] https://openid.net/specs/openid-connect-discovery-1_0.html [2] https://openid.net/specs/openid-connect-registration-1_0.htm...

discuss

kevincox|3 years ago

Do any big-name providers support this? For example trying the webfinger request described in the first link on gmail.com returns a 404.

As much as I love the ability to use my own server it is going to fall flat for the vast majority of users if you can't support at least one of Google/Facebook/Twitter/Microsoft.

OpenID was supported by Google, Yahoo, MySpace, Wordpress and a few other big names. Not ideal but enough that you could basically expect most users to be covered.

tlarkworthy|3 years ago

It's here for Google https://accounts.google.com/.well-known/openid-configuration

Here for Microsoft https://login.microsoftonline.com/common/v2.0/.well-known/op...

dwaite|3 years ago

No. Generally this is because it is not a technical capability problem, but a business problem.

Often, sites which use OpenID for authentication either have no automated account recovery, or do recovery based on a verified email claim. This means those relying parties do indeed rely on the reliability and service support promises of the OP, as well as the validity of attribute data shared.

If ISPs or Google had been interested in providing webfinger-based discovery, we might have been able to create a decent UX around an assumption that your identifier was an email address, and that a local authentication process (including potentially an emailed code or link) was an acceptable fall-back. But there was never really critical mass for this to happen.

unknown|3 years ago

[deleted]