The future of Fedora Magazine auth

Hi,

@arrfab mentionned to me that the plugin used for the authentication of our respective project blog is now EOL, as it can be seen on GitHub - diso/wordpress-openid: Allows WordPress to provide and consumer OpenIDs for authentication of users and comments. (since June 2024). He also noticed that a upgrade to 6.6.1 break the plugin (while it worked before). Fedora magazine is still on 6.5.5, but sooner or later, we will have to upgrade.

We need to find another solution.

From here, there is multiple choices:

  • someone fork wp-openid and maintain it (or take a existing openid plugin). I have not looked yet at what exist.
  • move to another protocol (SAML, IndieAuth, etc). I already done that for another blog, and it was a bit painful due to the current hosting platform blocking the exact URL used by the plugin (so I have a gory workaround)

So if someone has a creative solution or a preference, please do not hesitate to share it.

I’m not really all that familiar with the inner workings of the FAS authentication stack. I don’t have any ideas or preferences. Thanks for the heads up that things might be breaking in the near future. My only request would be that you try to avoid breaking things around release time. :slightly_smiling_face:

Hi,

@arrfab mentionned to me that the plugin used for the authentication of our respective project blog is now EOL, as it can be seen on GitHub - diso/wordpress-openid: Allows WordPress to provide and consumer OpenIDs for authentication of users and comments. (since June 2024). He also noticed that a upgrade to 6.6.1 break the plugin (while it worked before). Fedora magazine is still on 6.5.5, but sooner or later, we will have to upgrade.

We need to find another solution.

From here, there is multiple choices:

  • someone fork wp-openid and maintain it (or take a existing openid plugin). I have not looked yet at what exist.

We want to move away from openid. keycloak doesn’t support it, and we
want to move to that from ipsilon)

  • move to another protocol (SAML, IndieAuth, etc). I already done that for another blog, and it was a bit painful due to the current hosting platform blocking the exact URL used by the plugin (so I have a gory workaround)

So if someone has a creative solution or a preference, please do not hesitate to share it.

OIDC would be best, but failing that SAML should work…

There are two widely used OIDC/OAuth2 plugins for wordpress. One is opensource, another one is partially opensource. I think the opensource one should be fine for our purposes. I think it is now moved to OpenID Connect Generic WordPress · GitHub organization.

1 Like

Yeah, @arrfab is also looking at OIDC, so that’s likely the best choice if it work.

In order to test, I need to upgrade the stg instance. However, it seems to be stuck on a older version despites auto upgrade (and now show a error). I will try to fix it, but in the mean time, the stg blog is not functional (not sure if that’s due to some upgrade or if I broke it)

1 Like

I moved prod to stg (made a copy), but like last time, Jetpack complained. I think I didn’t break it , but if Jetpack is broken on the blog, please tell me so I can take a look.

I added the plugin suggested by @abbra and opened a ticket for the secret. For now, I am testing on the community blog stating, but once that’s done, I will move the others blogs one by one and warn in advance.

2 Likes