Hello, On lundi 18 juillet 2022 21:40:48 CEST Carl Schwan wrote: > on mobile so sorry for top posting > > fund.krita.org is using just plain oauth2 so it should be fine. Adding more > auth options should also not be too hard for fund.krita.org and probably a > good idea in any cases. > > What I wonder though, is how you plan to do the migration. identity uses the > old username has unique identifier, something we want to move away (main > reasons is that people change names for various reasons). my.kde.org uses a > uuid instead and that makes it more future proof. It is possible to use the > uuid from my.kde.org in gitlab? I remember some big trouble with the > migration (and some nasty emails) and it would be good to avoid that again. > > Also did you consider using keycloak/freeIPA? These are very solid system > that provides oauth2, openid connect, saml and ldap. unfortunately like we > learned with mykde, oauth2 only is not really ideal, and openid connect, saml > and ldap are way more standardized.
As far as I know, keycloak does not really have a user accessible way to reset password or have recovery codes for 2FA authentication. That may be problematic. > > Cheers, > Carl > > -------- Original Message -------- > On Jul 18, 2022, 20:53, Ben Cooksley wrote: > > > On Tue, Jul 19, 2022 at 2:40 AM Halla Rempt <[email protected]> wrote: > > > >> On zondag 17 juli 2022 11:54:27 CEST Ben Cooksley wrote: > >> > >>> I'd therefore like to move away from both Identity and MyKDE to Gitlab. > >> > >> What will that mean for fund.krita.org? That currently uses mykde, and > >> that already is a problem for quite a few people to figure out how to > >> create an account and login. > > > > The Krita Fund will need to be sorted out separately, as the Blender Fund > > app from which it is sourced is fairly tightly coupled with Blender ID > > (which is where MyKDE came from). > > There is also the slight issue of it's dependence on Braintree. > > > > As Ingo points out though, for user focused sites allowing a variety of > > login providers is likely the best path forward. > > > >> Halla > > > > Cheers, > > Ben > Best regards -- Matthieu
signature.asc
Description: This is a digitally signed message part.
