Proton Identity (SSO IdP)
We already log into Proton's own products (including SimpleLogin) by authenticating via our Proton accounts. It would be slick if the API for this was exposed, so others could use Proton as an identity provider for their own purposes. This is especially relevant for business users who want their teams on Proton, to enable SSO access to other internal or 3rd party tools and platforms without having to look outside Proton, or for consumer-facing platforms that want to allow their users to log in with Proton instead of e.g. Google (blech).
-
Richard J. Acton commented
It would be nice to see WebFinger configured to allow Tailscale and other platforms that support this approach to adding external OIDC providers added to SimpleLogin's sign-in services, see:
https://github.com/simple-login/app/discussions/1927
https://tailscale.com/kb/1240/sso-custom-oidc
-
[Deleted User] commented
Suggester, are you aware of "Sign In With SimpleLogin" by Proton? It uses OAuth2 and OpenID Connect. If I understand correctly, it's a better option than giving the same Proton address to all your services.
-
grunhutl commented
An OIDC service that allows users to authenticate at apps & services using their Proton credentials as a secure, 3rd party IDP that those services can trust.
OIDC is: "It is easy, reliable, secure, and eliminates storing and managing people’s passwords. It improves the user experience of sign-up and registration and reduces website abandonment. Furthermore, Public-key-encryption-based authentication frameworks like OpenID Connect increase the security of the whole Internet by putting the responsibility for user identity verification in the hands of the most expert service providers."
-
grunhutl commented
An OIDC service that enables users to use their Proton credentials to authenticate with apps and services that use OIDC (e.g., apps that let you authenticate using your Facebook or Gmail or Apple credentials etc) - having a secure OIDC connected not to an insecure app would be a good service.
-
Mohammad Al-Ahdal commented
This would be a game changer, especially if someone comes along and makes an authjs.dev provider for it