Does Gratipay have plans to become an Identity Provider?

[dmitshur]

Hi there.

I intend for this to be a simple and quick question. I don't want to add to the amount of work that needs to be done. I'm asking out of ignorance, so don't consider this a feature request. :)

Does Gratipay have plans to become an Identity Provider? The definition of an identity provider I'm using is https://en.wikipedia.org/wiki/Identity_provider.

Basically, suppose I have a simple personal website with a blog, and I want to add ability for visitors to sign in and leave comments. Suppose I want them to be able to sign in with their existing Gratipay account, rather than creating my own user accounts for my blog or personal site.

(I know there are existing identity providers, for example Google, or something else that uses OpenID Connect, that I could use instead.)

Thanks! I didn't find an existing issue talking about this; I hope it's not a duplicate.

[chadwhitacre]

@shurcooL I don't find a ticket for this, so it's not a dupe (that I can see) and that means we don't have any plans for this yet. But we do now! This ticket is the plan. ;-) My instinct would be that we'd implement this using OAuth, since that's what we're using as an identity consumer. Does that sound right to you?

I'd be fine for Gratipay to add this feature, though personally I don't expect to work on this anytime soon.
For context, here's my own sense of Gratipay's top priorities right now.

[dmitshur]

I think becoming an Identity Provider is a pretty big decision, and not one you should opt-into unless you're willing to support it in the long term. Unless it's done as an experiment and communicated as such, but then the value might be lower. The point of an IP is that others can rely on it, but that's only possible if its future is reasonably predictable.

My instinct would be that we'd implement this using OAuth, since that's what we're using as an identity consumer. Does that sound right to you?

Something like that, but one important consideration is that OAuth 2.0 is a delegated authorization protocol. Ideally, a true authentication protocol such as OpenID Connect would be preferable. Read here for the difference. (OpenID Connect is basically OAuth 2.0 with relatively small additions on top, so it's not a large change, but it's helpful to be precise here.)

[chadwhitacre]

@shurcooL Is this something you would want to work on for Gratipay?

[dmitshur]

It is not, primarily because I have other existing work to finish first before I can take on more things. :)

I intend for this to be a simple and quick question. I'm asking out of ignorance, so don't consider this a feature request.

I will politely close this issue now, since I consider this task - finding out an answer to my original question - to be resolved now.

If there is a feature request for this functionality in the future, I think a new issue should be opened (and it can certainly reference this one for some background/context).

Thanks again! :)

[chadwhitacre]

Cheers, @shurcooL. :-)