FedIAM
An experiment with some possibilities for federated single sign-on.
Suppose you want to allow people to log in to your web site. How will they identify themselves? With a username and password? We've all got far too many of those already, and they're not even particularly secure. Perhaps with a Google or Facebook account? That's a lot easier, but do we really want to allow these companies even further into our lives?
FedIAM is a research project which aims to offer an alternative: using Fediverse and IndieWeb protocols, visitors can log in using any one of thousands of small, independent networks run by ordinary people - or even using a provider that they host themselves, independently of any outside influence.
I'd like to think that one day it will be suitable for real use. I wouldn't recommend it right now, though.
Headline Features
- Server (AS, IdP) and client (RP) for open world authentication networks (mostly OAuth based)
- Supports signing in using an existing Fediverse (or other) account - or one you host yourself
- "Seamless" single sign-on with no user interaction (supported providers only)
- Written by a non-expert! Woefully insecure! All manner of attacks, just waiting to be found! Invite your security expert friends to the party, and laugh together at the n00b! Fun for all the family!
Supported identity providers
- Mastodon (v4.3.x)
- Hubzilla (any version - but must have ActivityPub enabled)
- Streams (must be a recent version)
- BlueSky using ATProto OAuth
- IndieAuth / FedCM
- Another instance of itself, using OpenID Connect
How do I try it?
There's a basic demo instance running at https://login.mythik.co.uk/ which anyone is welcome to try out. It doesn't do much - just lets you log in and then displays your identity. A more interesting demo at https://discourse.mythik.co.uk/ shows an integration with a real application.
To set up an instance of your own, you can use the Docker Quick Start Guide, or you can build it from source if you set up a local development environment. In both cases you'll need to configure a database.
Documentation
Important Caveat
This is just a toy, for experimental purposes only. It shouldn't be considered secure.