Re: ReclaimID and MediaGoblin OpenID Plugin
From: Schanzenbach, Martin
Subject: Re: ReclaimID and MediaGoblin OpenID Plugin
Date: Tue, 7 Dec 2021 19:19:17 +0000
Hi Tobias,
the screenshot under [3] shows both a link for the reclaimID login as well as a
manual entry.
I am not sure if both can be used. My assumption is that the text entry is
actually used in combination with OpenID Connect Discovery.
OIDC Discovery uses Webfinger to discover the OpenID Connect server from (e.g.)
your email address.
reclaimID does (atm) not support discovery. But that should not be an issue as
discovery is usually optional.
Now, if you can actually configure the OpenID Endpoints in the GMG plugin,
you should use the endpoints as defined in [1]. However, not all OpenID Connect
plugins support manual entry of endpoints. We used this in WooCommerce with the
WordPress OpenID plugin before, where this is possible:
See
https://git.taler.net/woocommerce-taler.git/tree/server-build/QEMU-autobuild/buildReclaim.sh#n152 ff
Note that in general the URL https://api.reclaim/openid/authorize is a bit
hacky, as api.reclaim is not a real DNS name (it is intercepted by the
webextension).
So the GMG server likely will not accept this domain for the token and userinfo
endpoints (and this is also the reason the discovery fails hard).
We are currently working on different ways to define the authorization request,
possibly through https://openid.net/specs/openid-connect-self-issued-v2-1_0.html
What you essentially need is for the GMG plugin to generate a button which
redirects your browser to
https://api.reclaim/openid/authorize?client_id=<some GMG clientid>&scope="some scopes"&etcetc
If you can point me to the OpenID configuration documentation for GMG, or to a
sample configuration, I may be able to provide more.
BR
Martin
> On 7. Dec 2021, at 19:01, Tobias Platen <gnunet@platen-software.de> wrote:
>
> Hello, I want to use ReclaimID with the MediaGoblins OpenID Plugin and
> I was able to get the OpenID plugin working as well as GNUnet and the
> Firefox extension. If I enter ui:reclaim in the browser, I can create
> Identities, but in GMG there is no way to use those identities. The
> GNUnet documentation at [1] seems to be unclear for me, it does not
> state how to integrate with websites. I have screenshots of my
> experiment at [3] and [4].
>
> [1] https://docs.gnunet.org/handbook/gnunet.html#OpenID-Connect
> [2] http://platen-software.de/tobias/tmp/mediagoblin.png
> [3] http://platen-software.de/tobias/tmp/reclaimid.png
>
> Tobias Platen (they/them)
>
>
signature.asc
Description: Message signed with OpenPGP
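
Added example, not part of the original message and not code from the GMG plugin or reclaimID: a sketch of how a relying party could build the authorization redirect described above and check the callback it receives. The client id, redirect URI and scope list are constructed placeholder values; only the authorize endpoint is taken from the message.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Authorization endpoint quoted in the message. It is intercepted by the
# browser extension rather than resolved via DNS, so only the user's browser
# (not the GMG server) can reach it.
AUTHORIZE_ENDPOINT = "https://api.reclaim/openid/authorize"


def build_authorization_request(client_id, redirect_uri, scopes):
    """Return (url, state, nonce) for an OIDC authorization code request."""
    state = secrets.token_urlsafe(32)  # binds the callback to this browser session
    nonce = secrets.token_urlsafe(32)  # compared later with the ID token's nonce claim
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": " ".join(scopes),
        "state": state,
        "nonce": nonce,
    }
    return AUTHORIZE_ENDPOINT + "?" + urlencode(params), state, nonce


def parse_callback(callback_url, expected_state):
    """Return the authorization code, or raise ValueError on a bad callback."""
    query = parse_qs(urlsplit(callback_url).query)
    if "error" in query:
        raise ValueError("authorization failed: " + query["error"][0])
    returned_state = query.get("state", [""])[0]
    # Constant-time comparison; a mismatch means the callback does not belong
    # to a request this session started (login CSRF).
    if not hmac.compare_digest(returned_state.encode(), expected_state.encode()):
        raise ValueError("state mismatch, discarding callback")
    codes = query.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one authorization code")
    return codes[0]


if __name__ == "__main__":
    # Constructed sample values (assumptions, not from the page).
    url, state, nonce = build_authorization_request(
        "example-client-id", "https://gmg.example/callback", ["openid", "email"])
    print("login button target:", url)
    print("code:", parse_callback(
        "https://gmg.example/callback?code=abc123&state=" + state, state))
```

The server keeps `state` and `nonce` in the user's session between the redirect and the callback; the code exchange itself still needs token and userinfo endpoints the server can reach, which is the limitation the message points out.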