3
12
Fork
You've already forked FedIAM
0
Login and access control based on open identities
  • Go 46.9%
  • Python 45.2%
  • HTML 4.3%
  • Nix 1.3%
  • CSS 1.2%
  • Other 1.1%
2026年07月11日 12:10:51 +01:00
cli Switch to nixpkgs 25.11 and update dependencies 2026年04月05日 16:56:44 +01:00
cookies Move cookie jar into a package 2024年12月07日 18:05:00 +00:00
doc Identity Assertion JWT Authorization Grant (ID-JAG) 2026年02月22日 12:49:09 +00:00
etc Split HTTP components into an external package 2025年02月16日 12:19:17 +00:00
examples/docker First public release 2024年08月25日 10:50:17 +01:00
fconfig Expand environment variables in config files 2026年03月08日 15:57:49 +00:00
fhttp Add extra certs to internal HTTP client 2026年02月19日 17:15:07 +00:00
fjwks Upgrade to Go 1.26 and run 'go fix' 2026年03月02日 11:55:38 +00:00
frontend Upgrade to Go 1.26 and run 'go fix' 2026年03月02日 11:55:38 +00:00
idp Proxy endpoint for making DPoP requests 2026年07月11日 11:26:53 +01:00
LICENSES Add licence text 2024年08月25日 14:07:34 +01:00
rp Proxy endpoint for making DPoP requests 2026年07月11日 11:26:53 +01:00
sql Primary keys in SQLite schema 2026年03月09日 16:03:30 +00:00
test Proxy endpoint for making DPoP requests 2026年07月11日 11:26:53 +01:00
tools Split HTTP components into an external package 2025年02月16日 12:19:17 +00:00
web Use the OIDC 'login_hint' parameter for the user's ID 2026年02月09日 15:03:48 +00:00
webfinger Remove fhttp.NewRequest 2025年04月14日 19:24:11 +01:00
.gitignore Quick and dirty CLI tool for manipulating users and roles 2025年04月20日 09:36:23 +01:00
.version New approach to version tagging 2026年04月04日 13:22:54 +01:00
CREDITS.md Add image file credits 2025年04月28日 12:17:24 +01:00
docker-compose.yml More configurability for Kratos 2025年06月04日 08:31:24 +01:00
flake.lock Update nixpkgs 2026年04月27日 10:12:06 +01:00
flake.nix Use upstream pytest-asyncio 2026年07月11日 12:10:51 +01:00
frontend.nix Build with Go 1.26 2026年04月25日 15:09:50 +01:00
go.mod Move DID resolver into its own repository 2026年04月27日 08:39:17 +01:00
go.sum Move DID resolver into its own repository 2026年04月27日 08:39:17 +01:00
gomod2nix.toml Move DID resolver into its own repository 2026年04月27日 08:39:17 +01:00
idp.nix Build with Go 1.26 2026年04月25日 15:09:50 +01:00
Makefile Move DID resolver into its own repository 2026年04月27日 08:39:17 +01:00
pyproject.toml pytest -> 1.0.0 2025年06月02日 17:24:23 +01:00
README.md Documentation update 2025年05月04日 09:08:02 +01:00
rp.nix Build with Go 1.26 2026年04月25日 15:09:50 +01:00

FedIAM

An experiment with some possibilities for federated single sign-on.

Suppose you want to allow people to log in to your web site. How will they identify themselves? With a username and password? We've all got far too many of those already, and they're not even particularly secure. Perhaps with a Google or Facebook account? That's a lot easier, but do we really want to allow these companies even further into our lives?

FedIAM is a research project which aims to offer an alternative: using Fediverse and IndieWeb protocols, visitors can log in using any one of thousands of small, independent networks run by ordinary people - or even using a provider that they host themselves, independently of any outside influence.

I'd like to think that one day it will be suitable for real use. I wouldn't recommend it right now, though.

Headline Features

  • Server (AS, IdP) and client (RP) for open world authentication networks (mostly OAuth based)
  • Supports signing in using an existing Fediverse (or other) account - or one you host yourself
  • "Seamless" single sign-on with no user interaction (supported providers only)
  • Written by a non-expert! Woefully insecure! All manner of attacks, just waiting to be found! Invite your security expert friends to the party, and laugh together at the n00b! Fun for all the family!

Supported identity providers

How do I try it?

There's a basic demo instance running at https://login.mythik.co.uk/ which anyone is welcome to try out. It doesn't do much - just lets you log in and then displays your identity. A more interesting demo at https://discourse.mythik.co.uk/ shows an integration with a real application.

To set up an instance of your own, you can use the Docker Quick Start Guide, or you can build it from source if you set up a local development environment. In both cases you'll need to configure a database.

Documentation

Important Caveat

This is just a toy, for experimental purposes only. It shouldn't be considered secure.