On Tue, Apr 7, 2020 at 6:23 PM Bastian Blank wrote: > No, not really. The services ask the SSO service for the identity of > the user and get an attestation back. So each service needs to handle > it's own login.
Hmm, the OIDC documentation I've been able to find seemed to indicate the login request on a service gets redirected to the OIDC provider, which then redirects back to the service. Is there any documentation and diagrams on the typical request flows between the browser the servers involved that happens with OIDC? Is there an OIDC demo site somewhere so that I can see the requests between the browser and the servers involved and see which browser features OIDC uses and requires in practice? > However, I don't know how a moderation workflow should work. I'd like to see this happen via a "welcome" team. You register an account with a paragraph about why you're signing up, your account gets moderated and you receive a welcome email from the team with tips related to your signup paragraph and to the service where you started the registration flow, for eg people starting their registration on the wiki might get a link to the wiki editor guide. https://wiki.debian.org/Welcome > How many new users per day do you get? Usually one or two users per day to moderate between Steve and myself, sometimes more, especially during events. Our setup is less optimal for people who don't have email addresses or read errors so there are probably some who aren't contacting us to get an account. Also, to reduce friction for existing FLOSS folks we have a list of related email domains that do not need prior approval. Do we know which other FLOSS related groups Debian's OIDC setup could leverage for additional context at initial account creation? Or are we thinking that we would use email, GitHub, GitLab, Twitter, Facebook etc for that? -- bye, pabs https://wiki.debian.org/PaulWise
