I love the convenience of not having to create a password everywhere I need to be authenticated. It would be interesting to be able to use lemmy instead of feeding more information to these big corporations.
The short answer is: No.
Each site would need to implement this feature themselves. Think of all the potential platforms out there: lemmy, reddit, pinterest, instagram, linkedin, tiktok, snapchat, tumblr, whatsapp, friendster, quora… this list is long. Like REAL long, and Lemmy is nowhere near the top in popularity. Probably not even in the top 50 yet. Why would site developers implement Lemmy sign on over any of these others?
We did have a concerted effort at some point to adopt openid which was specifically designed to unify all these signons in an open manner, but instead we ran into the Standards Problem: xkcd 927.
I ran into this issue when writing the Canvas authentication thing
There is a standard to simplify authentication and identification across the entire web but it isn’t fully implemented everywhere
OAuth2 is the big name in this, it supplies authorized requests to access data from other companies and services
OpenID is related to OAuth2 but it only supplies identification in a standardized way. OpenID has mechanisms to announce that a specific domain has support for this and how to automatically register for it (removing the need to have a bunch of login buttons)
For Canvas 2024 I’m implementing drop in implementations for popular Fediverse software (including Lemmy)
Hopefully more fedi software implements OAuth2 or at least OpenID to vastly simplify authentication (and possibly replace “login with google”)
Related Links:
No, because Lemmy doesn’t support Oauth2 yet. And even if it would support it, at most it could be a “login with lemmy.ml” or similar instance specific button as the protocol requires a specific endpoint.
Edit: see other comment in this thread. With the OIDC discovery extension to OAuth2 it might be possible, but I haven’t seen that feature being used this way in the wild yet.
when you type [email protected] I already know what instance you’re from
Yes, but that is not how Oauth2/OIDC works (the old OpenID did, but it has been largely abandoned).
One of the reason this approach was abandoned is that these external login automations are very easily abused for spam if you allow arbitrary instances as the auth endpoint.
you could accept logins only from instances that have enough trust on fediseer, I think this would work better than the old openid
No
There’s no way I’m letting a lemmy instance hold the keys to any of my other accounts.
Pixelfed does this with mastodon.
To add to what others are saying… you really don’t want or need this anyways. Once passkeys are used broadly or well supported by password managers, logins will be pretty low friction.
I feel like logging in with Facebook and Google on sites is just as much about them gaining access to scrape more info about you as it is for your “convenience.” While there could be value with Lemmy, it’s not nearly what it is with Facebook and Google. So I would say not likely.
It absolutely is, anytime you see a login with Facebook it is about tracking you. Even if you are Not logged in, and you do Not use the button, the Facebook Pixel is still there tracking you.
Hence why I block it.
