Centralized Authentication Service For The Benefit Of Glorious Wownero Using OAuth2/OpenID

Posted on 2020-06-12 by dsc
Status: Disabled
Target: 5000.0 WOW

This proposal is disabled.

WCAS - Wownero Centralized Authentication Service

Wownero could use an identity and access management thing hosted on login.wownero.com that serves as the central single-sign-on solution for all things related to logins.

Why?

Wownero currently has several services:

  • https://wownero.com/ (webshop)
  • https://funding.wownero.org (funding system)

These work independently from each other, meaning they all have their own user database, own login logic, and they implement password recovery differently.

If someone creates a Wownero service that requires a login, he/she will need to host/implement user authentication himself. This is rather annoying for both the users and developers.

So I propose to use Keycloak as an OAuth2 (OpenID) SSO system that any service can use (core, or third-party). The idea is that people can log in with their credentials on login.wownero.com and get redirected to the application/service in question. This is totally safu™.

Wownero is still in its infancy in terms of services so now might be the right time to provide a single-sign-on for the community before things get out of hand.

Milestones?

  1. Rent VPS @ OVH
  2. Install keycloak
  3. Configure it
  4. Configure nginx to use certbot-nginx for certificate renewals
  5. Write a document on how to use this auth system (intended for third-party developers)
    • includes Python & Wordpress example
  6. Modify the wownero-funding-system such that it uses the new auth system.
  7. Possibly migrate the wownero-funding-system users if possible (depending on if keycloak supports bcrypt hashes, don't think it does)

How much?

  • 116 USD - for a 2 year VPS @ OVH (1 vCore / 2 GB Memory / 40 GB SSD NVMe)
  • 200 USD - for me because 2 days~ of work + hookers & blow

10000 WOW (rounded to 10k just bcuz)

Alternatively, we could choose to use the dev fund for hosting costs.

Outcomes?

  1. Developers don't have to care where/how user accounts are created
  2. Developers don't have to store user credentials in their services
  3. Developers don't have to create "forget password" logic
  4. Users will have a single account that they can use in multiple places
  5. Optionally, Keycloak allows stuff like 2FA, login with ...insert popular service..., etc.

Why you?

I have experience hosting keycloak in production, etc etc
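
The login redirect described in this proposal, seen from a relying service, as an added example (not code from the proposal or from any Wownero service): it builds the OpenID Connect authorization request with `state`, `nonce` and PKCE, then validates the redirect back before the code is exchanged. Only the login.wownero.com host comes from the page; the endpoint path, realm, client ID and redirect URI are assumed placeholders.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Assumed placeholders: realm path, client ID and redirect URI are not from the page.
AUTH_ENDPOINT = "https://login.wownero.com/realms/EXAMPLE-REALM/protocol/openid-connect/auth"
CLIENT_ID = "example-service"
REDIRECT_URI = "https://service.example/callback"


def b64url(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def begin_login():
    """Return (redirect URL, values to store in the user's server-side session)."""
    state = b64url(secrets.token_bytes(32))     # ties the callback to this browser session
    nonce = b64url(secrets.token_bytes(32))     # to be compared with the ID token's nonce claim
    verifier = b64url(secrets.token_bytes(32))  # PKCE secret, sent only at token exchange
    challenge = b64url(hashlib.sha256(verifier.encode()).digest())
    query = urlencode({
        "response_type": "code", "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI, "scope": "openid",
        "state": state, "nonce": nonce,
        "code_challenge": challenge, "code_challenge_method": "S256",
    })
    return f"{AUTH_ENDPOINT}?{query}", {"state": state, "nonce": nonce, "code_verifier": verifier}


def handle_callback(callback_url, session):
    """Validate the redirect from the SSO server; return the token-request form fields."""
    params = {k: v[0] for k, v in parse_qs(urlparse(callback_url).query).items()}
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error']}")
    expected = session.pop("state", "")         # single use, so a replayed callback fails
    if not expected or not hmac.compare_digest(params.get("state", "").encode(), expected.encode()):
        raise ValueError("state mismatch: callback does not belong to this session")
    if "code" not in params:
        raise ValueError("missing authorization code")
    return {
        "grant_type": "authorization_code", "code": params["code"],
        "redirect_uri": REDIRECT_URI, "client_id": CLIENT_ID,
        "code_verifier": session.pop("code_verifier"),
    }
```

The returned form fields are what the service would POST to the token endpoint; the stored `nonce` is then checked against the ID token it gets back.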

Comments

dsc [op] [admin] 2020-06-25 20:50 It is finished!! Visit: https://login.wownero.com to get a WOW account.
These fine services already make use of it: WFS, Forum, Git
naisu
Events
wowario [admin] 2020-10-23 05:51 Moved to status "Disabled".
dsc [op] [admin] 2020-06-25 21:05 Moved to status "Completed".
wowario [admin] 2020-06-13 12:08 Moved to status "Funding".