Comment by pas

8 months ago

Hm, so the point of adding this additional hop (which is also a JSON under the .well-known/ prefix) is that I can always put the domain of my homepage into WebFinger-aware OIDC login boxes, no need to remember the domain of my OIDC provider?

Yes. This is how, for example, Tailscale implements bring-your-own identity provider: https://tailscale.com/blog/custom-oidc

It is, to date, the only non-selfhosted service with which I can use my self-hosted SSO setup.
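The extra hop discussed in this comment, sketched as an added example (not code from the thread or from Tailscale): a relying party turns the e-mail address into a WebFinger query on the user's own domain, reads the OIDC issuer link from the returned JSON, and then checks the provider's discovery document against that issuer. The function names, the sample documents and the subject check are assumptions of this example.

```python
import json
from urllib.parse import urlencode, urlsplit

# rel value that OpenID Connect Discovery 1.0 defines for issuer lookup
ISSUER_REL = "http://openid.net/specs/connect/1.0/issuer"

# Constructed sample documents (not captured from any real site)
SAMPLE_JRD = json.dumps({
    "subject": "acct:alice@example.com",
    "links": [{"rel": ISSUER_REL, "href": "https://sso.example.net"}],
})
SAMPLE_CONFIG = json.dumps({
    "issuer": "https://sso.example.net",
    "authorization_endpoint": "https://sso.example.net/authorize",
})

def webfinger_url(email):
    """Hop 1: the WebFinger query goes to the domain part of user@domain."""
    domain = email.rsplit("@", 1)[1]
    query = urlencode({"resource": f"acct:{email}", "rel": ISSUER_REL})
    return f"https://{domain}/.well-known/webfinger?{query}"

def issuer_from_jrd(jrd_text, email):
    """Return the issuer the user's domain advertises, or raise ValueError."""
    jrd = json.loads(jrd_text)
    # Assumption of this example: require the answer to be about the account asked for.
    if jrd.get("subject") != f"acct:{email}":
        raise ValueError("JRD subject does not match the requested account")
    for link in jrd.get("links", []):
        if link.get("rel") == ISSUER_REL:
            issuer = link.get("href") or ""
            parts = urlsplit(issuer)
            if parts.scheme != "https" or not parts.netloc or parts.query or parts.fragment:
                raise ValueError("issuer must be an https URL without query or fragment")
            return issuer
    raise ValueError("no OIDC issuer link in JRD")

def config_url(issuer):
    """Hop 2: the provider's own discovery document."""
    return issuer.rstrip("/") + "/.well-known/openid-configuration"

def check_provider_config(config_text, issuer):
    """The discovery document must name exactly the issuer WebFinger pointed to."""
    config = json.loads(config_text)
    if config.get("issuer") != issuer:
        raise ValueError("issuer in provider config differs from WebFinger issuer")
    return config
```
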

  • I feel like I remember StackOverflow (and related sites) having OpenID login as an option, but I don't see it anymore. I figure they removed it due to low popularity.

    • > removed it due to low popularity

      Gotta get that sweet sweet SSO Tax revenue, and justify it by blaming setup and integration expense for SAML?