Re: ReclaimID and MediaGoblin OpenID Plugin

gnunet-developers

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ReclaimID and MediaGoblin OpenID Plugin

From:	Schanzenbach, Martin
Subject:	Re: ReclaimID and MediaGoblin OpenID Plugin
Date:	Tue, 7 Dec 2021 19:19:17 +0000

Hi Tobias,

the screenshot under [3] shows both a link for the reclaimID login as well as a 
manual entry.
I am not sure if both can be used. My assumption is that the text entry is 
actually used in combination with OpenID Connect Discovery.
OIDC Discovery uses Webfinger to discover the OpenID Connect server from (e.g.) 
your email address.

reclaimID does (atm) not support discovery. But that should not be an issue as 
discovery is usually optional.

Now, if you can actually configure the OpenID Endpoints in the GMG plugin,
you should use the endpoints as defined in [1]. However, not all OpenID Connect 
plugins support
manual entry of endpoints. We used this in WooCommerce with the WordPress 
OpenID plugin before, where this is possible:
See 
https://git.taler.net/woocommerce-taler.git/tree/server-build/QEMU-autobuild/buildReclaim.sh#n152
 ff

Note that in general the URL https://api.reclaim/openid/authorize is a bit 
hacky, as api.reclaim is not a real DNS name (it is intercepted by the 
webextension).
So the GMG server likely will not accept this domain for the token and userinfo 
endpoints (and this is also the reason the discovery fails hard).
We are currently working on different ways to define the authorization request, 
possibly through https://openid.net/specs/openid-connect-self-issued-v2-1_0.html

What you essentially need is for the GMG plugin to generate a button which 
redirects your browser to
https://api.reclaim/openid/authorize?client_id=<some GMG clientid>&scope="some 
scopes"&etcetc

If you can point me to the OpenID configuration documentation for GMG, or to a 
sample configuration, I may be able to provide more.

BR
Martin

> On 7. Dec 2021, at 19:01, Tobias Platen <gnunet@platen-software.de> wrote:
> 
> Hello, I want to use ReclaimID with the MediaGoblins OpenID Plugin and
> I was able to get the OpenID plugin working as well as GNUnet and the
> Firefox extension. If I enter ui:reclaim in the browser, I can create
> Identities, but in GMG there is no way to use those identites. The
> GNUnet documentation at [1] seems to be unclear for me, it does not
> state how to integrate with websites. I have screenshots of my
> experiment at [3] and [4].
> 
> [1] https://docs.gnunet.org/handbook/gnunet.html#OpenID-Connect
> [2] http://platen-software.de/tobias/tmp/mediagoblin.png
> [3] http://platen-software.de/tobias/tmp/reclaimid.png
> 
> Tobias Platen (they/them)
> 
>

signature.asc
Description: Message signed with OpenPGP

[Prev in Thread]

Current Thread

[Next in Thread]

ReclaimID and MediaGoblin OpenID Plugin, Tobias Platen, 2021/12/07
- Re: ReclaimID and MediaGoblin OpenID Plugin, Schanzenbach, Martin <=

Prev by Date: ReclaimID and MediaGoblin OpenID Plugin
Next by Date: Using GNUnet API for distributed database in an app
Previous by thread: ReclaimID and MediaGoblin OpenID Plugin
Next by thread: Using GNUnet API for distributed database in an app
Index(es):
- Date
- Thread