That’s the point of OAuth, which is what you’re seeing there.
The idea is that you’re you and you have a… google account. This shitty little website doesn’t want to be responsible for you login details, because those can get stolen. Maybe they contain an email address, which is a problem. Software needs to be updated, it’s all a big. They don’t want to touch anything in terms of security that identifies you as you.
Maybe all the website does is save your favorite pepe memes. They don’t need anything else from you, but they still need to have something to get a user id and make sure nobody messes with your pepe meme collection. That’s where this system comes in, because the rest of website becomes significantly easier. They don’t need to store anything personally identifying, all they get is an ID and they can connect it with your pepes.
The only downside to OAuth is, as you can also see, that it’s corpos you don’t want to trust that are offering it.
Yeah, some of the same reason everyone uses stripe or PayPal for payment systems. If the site itself handles the cc info it holds all the liability, and has to pass rigorous POC testing and compliance.
There’s really no reason something like that couldn’t exist. A foundation would just have to decide to dedicate the resources to it.
The issue is it would have to gain significant adoption in order for web admins to think to include it. This list here is actually a lot larger than you usually see. It’s often just the big 2 or 3.
Harder, actually.
That’s the point of OAuth, which is what you’re seeing there.
The idea is that you’re you and you have a… google account. This shitty little website doesn’t want to be responsible for you login details, because those can get stolen. Maybe they contain an email address, which is a problem. Software needs to be updated, it’s all a big. They don’t want to touch anything in terms of security that identifies you as you.
Maybe all the website does is save your favorite pepe memes. They don’t need anything else from you, but they still need to have something to get a user id and make sure nobody messes with your pepe meme collection. That’s where this system comes in, because the rest of website becomes significantly easier. They don’t need to store anything personally identifying, all they get is an ID and they can connect it with your pepes.
The only downside to OAuth is, as you can also see, that it’s corpos you don’t want to trust that are offering it.
But most oauth implementations use the user email as identifier so they get the email anyway
Yeah, some of the same reason everyone uses stripe or PayPal for payment systems. If the site itself handles the cc info it holds all the liability, and has to pass rigorous POC testing and compliance.
Was just about to say getting Auth right is super hard. Getting someone else to do it for you is a godsend.
Okay, but where is the link to this Pepe memes page?
Yeah show us deh memes
While I get that, it is still unfortunate that no open-source, trusted variant can be part of the usual ways.
There’s really no reason something like that couldn’t exist. A foundation would just have to decide to dedicate the resources to it.
The issue is it would have to gain significant adoption in order for web admins to think to include it. This list here is actually a lot larger than you usually see. It’s often just the big 2 or 3.
They can? They are in some cases!
Just usually indie stuff. There’s Login With Mastodon on plenty of websites.
Even something like bitwarden would be nice
Exactly!
I have no account with the above. I wouldn’t make one for being able to use another service.
No idea what the product is here, but I guess I’m not their target audience. Which is fine.
Just have a spam account?
[email protected] for e.g.