Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[meta] Looking for maintainers! #89

Open
toupeira opened this issue Oct 10, 2019 · 12 comments
Open

[meta] Looking for maintainers! #89

toupeira opened this issue Oct 10, 2019 · 12 comments

Comments

@toupeira
Copy link
Member

I'm increasingly neglecting this gem because I'm not really using it in any of my current projects, and working with OAuth / OIDC is just generally causing me a lot of headaches 😛

If anybody wants to become a maintainer, please let me know!

/cc @nashby @nbulaj

@giubueno
Copy link

giubueno commented Mar 2, 2020

Ping me.

@nbulaj
Copy link
Member

nbulaj commented May 19, 2020

@toupeira I will provide a support for this gem (as doorkeeper maintainer), like some bugfixes and improvements, but not new features. Could you please check if I have permissions to push to rubygems? I have something more to merge soon, and we need to release a new version with a fixes to support latest Doorkeeper (5.4).

@toupeira
Copy link
Member Author

@nbulaj thanks! 👍

And yes you should have permission:

$ gem owner doorkeeper-openid_connect
Owners for gem: doorkeeper-openid_connect
- nikita_bulai
- [email protected]
- [email protected]

@mecampbellsoup
Copy link

and working with OAuth / OIDC is just generally causing me a lot of headaches 😛

Out of curiosity (as we embark on a buy-vs-build decision at our company) could you elaborate on these headaches?!

@toupeira
Copy link
Member Author

@mecampbellsoup well, just take a look at the length and complexity of these specs 😁

But joking aside, I originally started extending this gem so we could support OIDC in GitLab, so it's used quite widely (especially at Siemens, who originally sponsored that contribution), and @nbulaj and me are still around now and then to look after bugfixes and other small improvements.

And really most of the heavy lifting is done in the main Doorkeeper gem, so if you're tied to Rails I don't think there's a good reason to start from scratch 🙂 You might be interested in https://github.com/nov/openid_connect though, if you're looking for more of a library rather than a Railsy framework solution.

@mecampbellsoup
Copy link

@mecampbellsoup well, just take a look at the length and complexity of these specs 😁

But joking aside, I originally started extending this gem so we could support OIDC in GitLab, so it's used quite widely (especially at Siemens, who originally sponsored that contribution), and @nbulaj and me are still around now and then to look after bugfixes and other small improvements.

And really most of the heavy lifting is done in the main Doorkeeper gem, so if you're tied to Rails I don't think there's a good reason to start from scratch 🙂 You might be interested in nov/openid_connect though, if you're looking for more of a library rather than a Railsy framework solution.

To be sure, we would use this library if we went with Ruby. However we are more likely to use Python due to ... well, other concerns not related to this conversation.

I was more curious whether you were suggesting that:

  • you are a "buy" proponent in the build-vs-buy debate (e.g. Auth0, Okta); or
  • you are opposed to OIDC whatsoever (on the IdP side, i.e. should my company's auth server be a full-fledged OIDC IdP, or is it sufficient to simply issue opaque tokens and do session management like the good old days)

@toupeira
Copy link
Member Author

@mecampbellsoup I'm not opposed to OIDC at all, it seems perfectly fine if you want to build your own SSO, and OAuth2 will probably crop up anyway if you want to integrate with other services.

Regarding hosted SSOs, I don't have much experience with them and zero knowledge about your business so I can't really give you any advice 😉 But I do know that Auth0 and Okta also offer OIDC and are certified providers: https://openid.net/certification/

@stanhu
Copy link
Contributor

stanhu commented Nov 22, 2022

@toupeira Do you think you could add me here?

@toupeira
Copy link
Member Author

toupeira commented Dec 3, 2022

@stanhu oh hey, sorry for the delay! Turns out the notifications for this repository were still getting sent to my old gitlab.com address 😅

I haven't been active here in a while, so I'll leave this decision to @nbulaj who's taken over the helm. For context, Stan works at GitLab and I trust him fully, and I myself have left GitLab earlier this year 🙂

@nbulaj
Copy link
Member

nbulaj commented Dec 20, 2022

Oh, @stanhu do you still interested in helping maintaining the gem? Just let me know please 🙏 Sorry didn't have enough time to read all the discussions.

@nbulaj nbulaj pinned this issue Feb 20, 2024
@pboling
Copy link

pboling commented Aug 30, 2024

It's interesting that the readme points to the official list of certified client/server libraries for OpenID Connect, which only has one Ruby library listed, (https://gitlab.com/os85/rodauth-oauth). Was this library previously certified? Or is the link there to subtly hint that people ought to look into using a different library?

@toupeira
Copy link
Member Author

@pboling oh, that link points to http://openid.net/developers/libraries/ which now redirects to https://openid.net/developers/certified-openid-connect-implementations/. At the time I added it it was just a collection of libraries and clients, and IIRC this gem was on there too 😉

The gem was never certified though, back then it was only possible to certify specific deployments but I see they now also list "Certified OpenID Provider Libraries". We tried to get the gitlab.com deployment certified, but that didn't go anywhere due to lack of interest: https://gitlab.com/gitlab-org/gitlab/-/issues/414305

I did use https://gitlab.com/openid/conformance-suite to check conformity and iron out bugs, so if anybody wants to take this topic up again it should be mostly there on the technical side. 🤞

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

6 participants