Passkeys would be a UX with less friction than OAuth. Both could be used, but if choosing one, I’d go with passkeys.
I did a passkey implementation in Flask recently, it was pretty good.
Even so I’m not real sure if passkeys make all that “log in with existing account” stuff obsolete or what…
“Log in with Mastodon” could be cool. I don’t feel the need to have Google associated with anything in any way, even if very minor.
As much as I dislike Google, that option would definitely help wider adoption.
Can you elaborate?
I’m not sure there’s much to elaborate on, sorry. I just don’t like Google’s dominance online, and I consider anything that contributes to it to be a bad thing.
It’s purely value based, I’m sure the functionality would be useful for some.
@rimu SSO with LDAP support would be great so installing with other fedi apps you can all use one login. Also maybe keycloak
I would rather have a login which is compatible with many providers so rather a specific protocol like one of OpenID Connect, OAuth 2.0, and/or SAML.
OAuth support would be great as it would allow existing Mastodon communities to launch a piefed for their members!
Did anyone of us ever evaluate the available Python/Flask libraries for OAuth2/OIDC? Or have some experience with specific ones?
I’ve had a look at this and our available options. I’m leaning towards either Flask-Multipass or Flask-Security. I think that’d solve all our problems with one (admittedly fairly extensive) blow.
Of course neither of the two includes all the options, one seems to lack WebAuthN (Passkeys) and I can’t find LDAP in the other one. Both methods have been requested… But that’s not the main concern as I mainly prefer a relatively clean and maintainable solution over features.
And Flask-Security looks like a much more integrated solution. Which is nice, but we might end up needing more flexibility for the Fediverse stuff, so I’m not sure if we can make use of this. It’ll want to handle stuff like roles, sending confirmation mails, etc which we currently have our own code to deal with. On the other hand, if it’s a clean way to abstract things away…
For “Log in with Google” (OAuth) I’ve used flask-dance https://github.com/singingwolfboy/flask-dance & https://flask-dance.readthedocs.io/en/latest/ on one of my apps for years. It’s been fine and I could easily port it over to PieFed.