Yes, anything that supports OAuth2 can use this to log in using SQRL.

Stupid question. Does this allow me to log in using this OAuth2 provider that supports SQRL to log in to Microsoft O365?
Can I set up such an OAuth2 redirect? (Yes, I am an O365 global admin of my org on the MS tenant.)

How is OAuth different from OAuth2? (when using SQRL)

OAuth is not the preferred solution, it is just the currently available solution. The OAuth protocol requires information because of who originated it (FaceBroke and Google and big companies like that) and they gather info about you when you use it. The provider of the SQRL OAuth is not about this, and will provide the service without requiring real information.
The real solution is for all sites to integrate a native SQRL solution, but that will take time. OAuth support like this is a stopgap until then.

Is the site still maintained? Login doesn't work.

Update 1/3/2019:
Fixed a few bugs including the ability to Lock / Unlock the SQRL account.
Over the last couple of weeks, I've been working on a functioning OAuth
2 provider that works with SQRL (exclusively).
This should, in my opinion, allow millions of sites (if they choose to) to
adopt SQRL without having to change much on the backend.
I am finally in a pre-alpha release stage and wanted to share it with
everyone here and get some input and thoughts on it.
Following the SQRL motto, I've made it so you can remain pretty anonymous
and still use the service and of course there are really no secrets to
keep. When you first log in I will create a "random" account for you using an account-generating API; it is up to you if you want to update or change those account details or if you want to remain "anonymous".
It currently implements the basic Authorization Code grant flow and
works fairly well.
I'm planning on releasing it in Beta sometime this week to let whoever
wants to try it play with it.
I run a Discourse forum like Leo so I've made sure that it will work
with Discourse out of the box so the community at TWiT should be able to
start using it (if Leo chooses to) pretty easily.
Anyway, here's a quick demo of it in my Discourse instance.
(Again, this is still in alpha / pre-alpha so if you go poking around
things may blow up lol but feel free to)
It uses the Ask facility (if available) to act as the Permissions
Granting Screen of OAuth. I thought it was a pretty neat way of putting
the entire permissions structure in SQRL.
We also have the ability if we want to, to make each site have a unique
identity though I have that disabled right now, but if you think it
would be worth it, I can certainly make it default. The reason for
disabling it is that managing the accounts could get cumbersome.
I have to give a BIG thanks to @TechLiam and @Jeffa who have been my
sounding board over in Slack while I slogged through the protocols and
fought with the specs.
Also, a zillion thanks to @Paul F who let me use some of his tools like
SQRLView and his command line SQRLClient for troubleshooting.
Seriously, SQRLView is an amazing piece of software and it should be
shouted from the rooftops for anyone writing and/or dealing with SQRL.
Liam's DotNetCore middleware is also a great piece of open source
engineering and it keeps getting better.
Cheers guys and thanks again, I look forward to some feedback.
Thanks to @Steve for providing this space for testing, enhancements, feature requests and issues. I will be making a write-up on how to use it and set it up etc. shortly.

Thanks Paul!

@Steve @n333 @josecgomez Jose's SQRL OAuth site hasn't accepted new registrations in a long time. Jose kept saying he'd check into it, but he's busy, and I don't think he has ever made the time to fix it. It did continue working for registered users, but I stopped using it (because the only site I ever used it with required me to enable TOTP authentication), so I can't even comment if even that still works.

As a professional programmer, I can take it.

@josecgomez since you seem too busy to fix it (or too disinterested?) are you willing to open source it and/or transfer the domain to someone else who would have the time and willingness to advance it? I get how it's not really worth the time and energy to work on when no one is using it, but the other side of that coin is if the only user (TWiT) that is using it is failing, it's kind of killing any chance it would otherwise have.

I think Steve is a little overambitious when he says there are developers working on anything SQRL related. Lots of things could happen, but I don't think many are... there probably haven't been more than 50 posts here in the last year.

Incorporate WebAuthn (FIDO concept) with SQRL (modified version of SQRL)?