flori_ava_star:~cursor_blinking made-with-estrogen verifiedlesbian @star@amazonawaws.com
1mo
one can only write so much specification document involving OIDC in one day

and that is good

no one should have to do more of this
flori_ava_star:~cursor_blinking made-with-estrogen verifiedlesbian @star@amazonawaws.com
1mo
codeberg.org/polyphony/polyproto-dot-org/commit/eac734612bdedb70f8b53ccbf1ab6da592ecf799
AstraLuma @astraluma@tacobelllabs.net
1mo
@star reading through this, and i'm like "wait, OIDC already has a discovery and validation mechanism"

but then I realized it's for bootstrap, if I'm skimming it right?
flori_ava_star:~cursor_blinking made-with-estrogen verifiedlesbian @star@amazonawaws.com
1mo
@astraluma what do you mean with "discovery and validation" and "bootstrap"? /genq
AstraLuma @astraluma@tacobelllabs.net
1mo
@star so, given nothing but an OIDC JWT, there's a method to validate the issuer keys, and that whoever signed the token had access to the keys published (based on trusting DNS and TLS PKI).

But that assumes you're validating & evaluating a token that already exists. I think oidc_issuer is about bootstrap to get a token?
flori_ava_star:~cursor_blinking made-with-estrogen verifiedlesbian @star@amazonawaws.com
1mo
@astraluma oidc_issuer is just to tell the client where the IdP can be contacted
AstraLuma @astraluma@tacobelllabs.net
1mo
@star yeah, "Hi, I'm a client and I know nothing, can you tell me the shape of your world?" aka bootstrap
flori_ava_star:~cursor_blinking made-with-estrogen verifiedlesbian @star@amazonawaws.com
1mo
@astraluma ahh, yes

sorry, it is late and my brain is completely fried from spec writing, xD
AstraLuma @astraluma@tacobelllabs.net
1mo
@star it's cool

i had to know all this because Teahouse Hosting uses CI/CD OIDC for authenticating automations & pipelines
flori_ava_star:~cursor_blinking made-with-estrogen verifiedlesbian @star@amazonawaws.com
1mo
@astraluma That's very cool! :3 neocat_owo
AstraLuma @astraluma@tacobelllabs.net
1mo
@star it feels so slick and was in some ways easier to implement than a long-lived token system
flori_ava_star:~cursor_blinking made-with-estrogen verifiedlesbian @star@amazonawaws.com
1mo
@astraluma OIDC is pretty neat overall!! I just wish it had more great documentation and a better overview of extensions and who implements them