OpenID/OAuth authentication/authorization for OSGeo

I think it’s about time to have some form of single sign on for OSGeo.

Playing with Mastodon, I’ve seen a lot of easy sign-in going on, where any app would send the user to her Mastodon instance to have a “ticket signed”, to authorize the app to do things. This is what OAuth is about.

With this approach you don’t give your credentials to the app. Instead, the app will use a token to have the authorization to do things in the name of the Mastodon user. The user can later revoke the token, effectively making the app unauthorized.

I think we could do something similar for OSGeo identities, allowing users to manage authorization tickets for apps. We already have this mechanism with Woodie and Drone, which obtain such tickets from Gotta, but I think it would be good to have a generic OpenID Connect service under the id.osgeo.org domain.

I tried getting the Gitea one to work on Discourse, but I think I’m missing a config, so I disabled it. If you want to take a look to figure out what I missed, the settings are here: https://discourse.osgeo.org/admin/site_settings/category/all_results?filter=plugin%3Adiscourse-oauth2-basic