On Sun, Mar 02, 2025 at 10:44:40AM +0100, Jakub Kadlcik wrote: > > I wonder if it would be possible after you are sure OIDC is working > > well to drop the other login buttons? > > Sure, it doesn't make any sense to keep the old login button. Especially > since you want to sunset that auth method completely. > > But now that I think about, we maybe made a mistake when introducing the > login. We should have changed the default "log in" button to OIDC and > introduce a new "legacy log in" or something like that, as a fallback until > we are sure everything works. > > Now we are stuck with "OIDC login" button or we get people confused when > renaming it to "log in".
I don't think anyone would be confused if there's just one button that says 'log in'. The current situation is even more confusing, because theres: "log in" -> old openid "OIDC login' -> new openid connect "gssapi login' -> kerberos but... if you login with 'log in' or 'OIDC login' and have a valid kerberos ticket, you get redirected to id.fedoraproject.org, it sees the ticket and just auths you and redirects you back to be logged in. Or if you log in to something else and still have the secure auth cookie in your browser, id.fedoraproject.org will auth you without having to do anything. Anyhow, I think it would be much better to have just 'log in' and have it be the OIDC path. Users shouldn't see or care about what OIDC is, or gssapi is, they just want to login. :) kevin -- > > On Wed, Feb 26, 2025 at 12:32 PM Michael J Gruber <m...@fedoraproject.org> > wrote: > > > Am Di., 25. Feb. 2025 um 20:56 Uhr schrieb Kevin Fenzi via copr-devel > > <copr-devel@lists.fedorahosted.org>: > > > > > > On Tue, Feb 25, 2025 at 09:47:50AM +0100, Jakub Kadlcik via copr-devel > > wrote: > > > > Copr was AFAIK the last Fedora service to switch to OIDC and now that > > it is > > > > done, the Fedora Infra team will aim to sunset the previous login > > method. > > > > Therefore, I recommend everybody to try the new OIDC login to make > > sure it > > > > works for you while we still have the old method as a fallback. > > > > > > > > https://pagure.io/fedora-infrastructure/issue/10241 > > > > > > Yeah. > > > > > > I wonder if it would be possible after you are sure OIDC is working > > > well to drop the other login buttons? It's a bit confusing to see > > > several login buttons (how do you decide what to use?) and it's a bit > > > bad for support too (I can't login! How did you try, which button did > > > you press?). > > > > > > > Without trying, I would have merely guessed that "OIDC" is what I know > > otherwise as open ID. Especially because of the C, which seems to > > denote an implementation detail. > > > > Naming matters ... > > > > ... and login via Fedora open ID works, fwiw. > > > > Michael > > > > -- _______________________________________________ copr-devel mailing list -- copr-devel@lists.fedorahosted.org To unsubscribe send an email to copr-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/copr-devel@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
