Comment by simonw

8 months ago

My problem with it being called OpenID Connect is that, in my head, an OpenID is a noun which means "a URL that you can use as your identity and prove that you own".

That definition doesn't work for OpenID Connect. Is OpenID a noun any more? I don't think it is.

6 comments

simonw

clhodapp 8 months ago

OpenID Connect can totally work that way if used with WebFinger for endpoint discovery, and occasionally this is implemented (though many websites do not).

pas 8 months ago
Hm, so the point of adding this additional hop (which is also a JSON under the .well-known/ prefix), is that I can always put the domain of my homepage into WebFinger aware OIDC login boxes, no need to remember the domain of my OIDC provider?
- shadowfacts 8 months ago
  
  Yes. This is how, for example, Tailscale implements bring-your-own identity provider: https://tailscale.com/blog/custom-oidc
  It is, to date, the only non-selfhosted service with which I can use my self-hosted SSO setup.
  
  3 replies →