From: | Magnus Hagander <magnus(at)hagander(dot)net> |
---|---|
To: | Justin Clift <justin(at)postgresql(dot)org> |
Cc: | Greg Stark <stark(at)mit(dot)edu>, PostgreSQL WWW <pgsql-www(at)postgresql(dot)org> |
Subject: | Re: Google signin |
Date: | 2017-07-13 18:53:14 |
Message-ID: | CABUevEzqCW9XDJCA3YsLJ4R1-LfRmU8C5cspRhv6WSdchA+1TA@mail.gmail.com |
Lists: | pgsql-www |
On Wed, Jul 12, 2017 at 5:59 PM, Justin Clift <justin(at)postgresql(dot)org> wrote:
> On 12 Jul 2017, at 15:31, Magnus Hagander <magnus(at)hagander(dot)net> wrote:
> <snip>
> > OpenID is not, OAuth 2 is.
> >
> > Google, Github and Facebook all speak OAuth 2. I have working
> > implementations for both Google and Github, so I'm sure it would be easy
> > enough to make one for Facebook. I will see how much work it is to move
> > that code over instead of using the Google javascript API that I did now.
> > TBH, it's probably *easier* because it's not javascript :)
>
> As a thought, we could implement something like Auth0 (auth0.com)
> which does OAuth2 and provides a login for Google, FB, LinkedIn, GitHub,
> and others.
>
I fail to see what it really adds, over one more thing that can break, and
one more data collection point. For us, that is -- I can certainly see
other cases.
> Pro's
> *****
>
> * Pretty simple to implement
> * It has a reasonable management interface for picking and choosing
> which auth providers to allow (eg we can choose GitHub, Google, FB,
> and not enable others)
> * The management interface has reasonable reporting too, to show
> user activity, stats, etc
>
So far that's all covered by talking oauth directly. So the only thing
there they'd actually add is about 4-5 URLs and decoding of a trivial js
structure.
> * Free for Open Source projects
>
For now.. And AFAICT only for the cloud services, not the
on-premise/installed one.
> * They're PG friendly, with instructions for using PG in their setup
> docs :)
Now *that* is always nice :)
> Con's
> *****
>
> * Not Open Source, though their setup examples and other supporting
> bits are on GitHub
>
* Another in-between service that can go down
* Another cloud service holding our users' data (they're clearly already
happy with google/facebook/whatnot, but forcing an intermediary on them for
no large benefit will certainly result in questions if not complaints)
But in the end -- it just seems like a massive overkill for what's actually
a simple problem. All the actual *complexity* is on our side anyway
(because we want to keep supporting local users), and it's not making that
part any easier.
--
Magnus Hagander
Me: https://www.hagander.net/ <http://www.hagander.net/>
Work: https://www.redpill-linpro.com/ <http://www.redpill-linpro.com/>