[Let's do it] SSO for Ghost

I’ll chime in for my part.

When I say SSO Login, I do mean social login for members. The lower the bar to entry is for someone to be able to log in and engage with the community, the easier and more likely it is that they’ll want to engage.

Having support for Okta, Keycloak etc would be nice but honestly ANYTHING that makes the sign up process easier would be really nice to have.

Okta is centralized and a millionary target to attack:

Jan 2022: Okta breached by Lapsus$
Aug 2022: 0ktapus phishing campaigns breach multiple organizations
Sept 2022: Auth0 source code stolen
Dec 2022: Okta source code stolen
Feb 2023: 0ktapus smishing attack targets Coinbase
Aug 2023: Okta notifies users of ongoing social engineering attacks
Sept 2023: MGM and Caesars Casinos breached via Okta AD Sync Connector
Oct 2023: Okta’s support unit breached, leading to admin session takeover
Oct 2023: Okta discloses support unit breach actually affected all customers

It’s not the same as Keycloak or Authentik, because they are open-source and honest projects.

They offer a unique login that you can connect to social media, e-mails, tokens and almost everything, to use it to log in to all your apps.

In a dystopian world Social Sign On should probably be easy for the normie for a reason:

That’s fine, my statement still stands.

My primary use case is to have it easier for the user to log in using Google or such. I have no need or interest in running and securing an identity provider.

Your 80% use case is: “I want to log in using Google/FB etc.” If you want to run your own IdP that’s fine, but most are not running Ghost in an enterprise setting. Having a way to add your own hook or plugin to allow those patterns would make the user experience so much easier.

I’m not saying that Authentik should not be supported, but it should be via a generic pattern that doesn’t require a CS degree to configure.

So you can use what @Cathy_Sarisky developed, it’s fine for those who want to force their users to use social media accounts.

FOSS philosophy and self-management is not for everyone (and I’m the opposite of enterprise).

Authentik doesn’t require a CS degree to configure, but projects that understand the value of allowing those tools to work with.

In Discourse it takes 15 minutes. On Ghost one needs to develop all the bridges without any kind of support.

That’s what I’m asking for: respect for FOSS and allowing everyone to manage their users as they want (including adding social media accounts as providers if that’s wanted).