Loomio

OpenID Loomio Authentication

Marco Giustini

A requested feature is OpenID authentication, to make it possible, i.e. for a WordPress site's users to authenticate on Loomio through a plugin that acts as an OpenID provider:
https://it.wordpress.org/plugins/openid/

Danyl Strype Mon 19 Jun 2017 5:21AM

Loomio used to support Mozilla Persona for federated identity authentication (or Single Sign-On/SSO), but this seems to have died :( I presume OAuth 2.0 is presently being used to provide the ability to log in with FB and Google? Shibboleth is another system I've seen recommended in free code circles. Any federated identity layer needs to be secured carefully, as it adds huge areas of attack surface. Here's a talk from two SSO security researchers, focusing mainly on OAuth and OpenID: 'On the Security and Privacy of Modern Single Sign-On in the Web'.

James Kiesel Mon 19 Jun 2017 10:16AM

Persona (or BrowserID) was decommissioned by Mozilla at the beginning of 2016.

If there's a dev who's interested in working on this, I strongly recommend simply using the Omniauth OpenID gem to integrate with the existing OAuth systems in the app.

https://github.com/intridea/omniauth-openid

Danyl Strype Mon 19 Jun 2017 11:00PM

@gdpelican can you describe roughly what work would need to be done on the Omniauth OpenID gem you mentioned to make it compatible with Loomio?

Marco Giustini Mon 19 Jun 2017 7:27PM

@strypey perhaps some friends could fund a dev to develop a script like the one described by @gdpelican. Is Loomio.org interested in integrating it into the code, so as to also have OpenID auth?

Markus Koller Thu 22 Jun 2017 7:52PM

Note that the old OpenID standard is deprecated by the new OpenID Connect, which is built on top of OAuth 2.0 and can be used with e.g. https://github.com/jjbohn/omniauth-openid-connect

@strypey I don't think either of these gems requires any work to be compatible with Loomio; they can simply be added and configured like the existing login mechanisms (which are using omniauth as well).