Custom OAuth / OpenID server?

Hey everybody, and a happy 2020 :slight_smile: I have a question: I am currently trying to set up a diaspora* pod alongside other services for a private group of people. I was wondering whether it is possible to integrate a self-hosted OAuth / SAML login into that pod, so the members belonging to that private group can just sign into the pod with "our own" SSO solution. It seems diaspora* supports SSO via Twitter, Facebook, Tumblr and WordPress, but I cannot find any documentation for custom SSO. If anyone could help me here or point me in the right direction (a "no" would also be sad but OK), I'd be super happy :slight_smile:

We do not support anything besides those social-network sign-ins you mentioned, sorry.

If you feel brave, you could probably find something to integrate. diaspora* uses Devise to handle authentication, which is a fairly popular library for those things, and there is a wide range of integrations, including LDAP and other fun. But since we have no experience with those services, you'd be on your own.

Thanks for the fast reply!

About the FB/Twitter part: I think I get it... the OAuth credentials are basically just there to register my pod with Facebook so it can post stuff there, correct?
About LDAP: could you point me to any resources regarding the integration? That'd be a great starting point for me as well! I couldn't find anything in the wiki.
Here I can only find this https://www.loomio.org/d/AF8Xb0c6/ldap-authentication-way-past-due and https://github.com/syncloud/diaspora/blob/master/integration/verify.py

... Thank you either way. If there are no more resources than those, I'll have to deal with it... :smiley: However, if we keep making efforts on the integration, we will of course share it with the community.

Edit: I also noted that you can use your diaspora* pod as an OAuth authentication endpoint, which is pretty neat... but I sort of need it the other way around... :grimacing:

Correct. It was put there for diaspora* users to post on Twitter and Facebook. Although, honestly, we probably should remove both. Facebook will likely reject your application for an API key, since diaspora* does not comply with the current rules. Same with Twitter.

As I said, we don't support LDAP natively. Since we use Devise, there are a couple of devise-ldap-authenticators that you could use, like this one for example, or something based on this documentation. However, we have not tested any of those, and thus I really can't help you out. :frowning:
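To make the "search, then bind as the user" flow that Devise LDAP strategies typically wrap concrete, here is an added example (not code from diaspora*, Devise, or any devise-ldap gem). It assumes a hypothetical `LdapAuthenticator` class and a constructed `FakeDirectory` stand-in for a real LDAP client such as net-ldap, and it includes the two checks a practitioner most often has to add themselves: RFC 4515 escaping of the login before it goes into a search filter, and a refusal to bind with an empty password, because many directories treat an empty-password simple bind as an anonymous bind that "succeeds".

```ruby
# Added example, not part of diaspora* or any devise-ldap gem.
# Sketch of the search-then-bind flow a Devise LDAP strategy wraps,
# with the filter-escaping and empty-password checks it must include.

class LdapAuthenticator
  # RFC 4515 escaping for values interpolated into a search filter.
  # Without this, a login of "alice)(uid=*" rewrites the filter itself.
  def self.escape_filter(value)
    value.gsub(/[\\*()\x00]/) { |c| format('\\%02x', c.ord) }
  end

  def initialize(directory, base_dn:, login_attr: 'uid')
    @directory = directory
    @base_dn = base_dn
    @login_attr = login_attr
  end

  # Returns the DN of the authenticated user, or nil on failure.
  def authenticate(login, password)
    # Many LDAP servers treat a bind with an empty password as an
    # anonymous (unauthenticated) bind and report success, so the
    # application must refuse empty passwords before calling bind.
    return nil if login.to_s.empty? || password.to_s.empty?

    filter = "(#{@login_attr}=#{self.class.escape_filter(login)})"
    dn = @directory.search(base: @base_dn, filter: filter)
    return nil unless dn

    @directory.bind(dn, password) ? dn : nil
  end
end

# Constructed stand-in for an LDAP client (hypothetical; net-ldap would be
# used in practice). It deliberately mimics a server that accepts
# empty-password binds, so the check above has something to catch.
class FakeDirectory
  def initialize(users)
    @users = users # { dn => { login: ..., password: ... } }
  end

  # Only understands a single equality filter such as "(uid=alice)".
  def search(base:, filter:)
    m = filter.match(/\A\((\w+)=(.*)\)\z/)
    return nil unless m
    @users.each do |dn, u|
      return dn if dn.end_with?(base) && u[:login] == m[2]
    end
    nil
  end

  def bind(dn, password)
    return true if password.empty? # unauthenticated bind "succeeds"
    u = @users[dn]
    !u.nil? && u[:password] == password
  end
end

# Constructed sample directory with one user (not real credentials).
DIRECTORY = FakeDirectory.new(
  'uid=alice,ou=people,dc=example,dc=org' => { login: 'alice', password: 'hunter2' }
)
AUTH = LdapAuthenticator.new(DIRECTORY, base_dn: 'ou=people,dc=example,dc=org')

if __FILE__ == $PROGRAM_NAME
  puts AUTH.authenticate('alice', 'hunter2').inspect # the user's DN
  puts AUTH.authenticate('alice', '').inspect        # nil, despite the server accepting it
  puts LdapAuthenticator.escape_filter('alice)(uid=*')
end
```

Whatever gem ends up doing the binding, the same two properties are worth verifying against the real directory: that a login containing `)(` or `*` cannot change the filter, and that an empty password is rejected by your code rather than left to the server's bind semantics.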

Well... either way, thanks a lot for your help and for digging out this documentation! It gives me some motivation to maybe try and implement this ourselves at some point. If so, I'd surely return here to share it with the community!

Thanks again!
