Hacker News new | past | comments | ask | show | jobs | submit login

It's been some time last I checked, but isn't OpenID Connect provided anymore by Goog/Fb? Why wouldn't that be a reasonable choice if you wanted a protocol that, from the dev side of things, allowed you to uniformly target external auth providers, or your own?





OoenID Connect is different. Its basically just OAuth2, and google/fb require the ap developer to register their app with google/fb in order to authenticate users.

Whcih is pretty bad for both developers and users, as a user I cant run my own identity provided and as a developer I have to spend time setting up accounts with ever identity provider i wish to integrate.

Original OpenID just let me as a user use a URL as my identity, so I could use any identity provider I wanted, including running one myself.

EDIT: There is a specification for dynamic client registration but nobody implements it as far as I've been able to tell.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: