dansupJul 6, 2023

✨ Better onboarding

Pretty soon you'll be able to sign up with your Mastodon account, or use it to sign in on @pixelfed

Calckey and other platforms will launch later!

Show threadSkylar Caulfield Jul 6, 2023
@dansup @pixelfed how does this work, is your pixelfed do you still have your pixelfed account on your main instance or does it somehow post the images to your mastodon account?
Show threadMark Shane Hayden

@skymtf If it works like the Peertube plugin that does a similar thing then when you log into Pixelfed it redirects to your masto server, goes through the login process there if you aren't already logged in, then masto sends back a "key" to pixelfed essentially saying "Skylar is logged in" then boom...you are redirected to pixelfed logged in!

It is pretty automatic...most times you would just see a masto page briefly appear and then back to pixelfed. It is still 2 accounts on 2 servers and no crossposting or any other data sharing happens besides verifying a person's identity. It is just 2 independent accounts with common credentials.

You could technically do the opposite too if Gargron made it easier...log into masto with pixelfed credentials...or you could have multiple masto alts authenicating with the credentials of your main...or whatever other website that uses the same standards (likely OAuth/OIDC)

@dansup @pixelfed

Jul 6, 2023 at 3:57amWeb
Show threadZii0Jul 6, 2023
@msh @skymtf if I get your explanation correctly, it means if your Mastodon instance disappears, you also lose your pixelfed account because you have no more way to authenticate yourself on your pixelfed instance right?
I've never used this option with GAFAM account for privacy reasons, although we don't have (for now) to worry about this part with the fediverse, it still seems a bit dangerous to me.
Show threadmounderfodJul 6, 2023

@zii_0 @msh @skymtf you can reset your pixelfed password at any time by the looks of it, which would disconnect it from the SSO

Perhaps there'll be a way to reconnect afterwards if you move instances ¯⁠\⁠_⁠(⁠ツ⁠)⁠_⁠/⁠¯

Show threadMark Shane HaydenJul 7, 2023

@mounderfod @zii_0 @skymtf yeah you could use the same mechanism as password recovery to link to another ID provider if your current one goes defunct so it actually isn't that big of a deal.

I would ideally like to have a generic OIDC authenticator to do web single-sign-on to all my web things including various federated apps, and maybe it could be the root of all my rel=me links indicating it is Really Me.

Show threadZii0Jul 7, 2023
@msh @mounderfod @skymtf That sounds nice!