Did someone implement an OAuth2/OpenID provider for PAM? I.e. one can log in with their Linux login, and access connected OpenID services?
This is a demo toot, tooted with #nodejs and #OAuth as a test for #Baustellenbot
OAuth in VanillaJS: Mind your encodings
https://blog.narf.ssji.net/2025/07/30/oauth-in-vanillajs-mind-your-encodings/
I wrote an implementation of the OAuth Authorisation Grant flow in VanillaJS. It worked pretty well except for some mismatch in String encodings. tl;dr: use `String.fromCharCode` over `TextDecoder` if you want to use `atob`. Or wait for `Uint8Array.toBase64`.
Setting up a sector-wide #PeerTube pilot instance on behalf of Dutch higher ed & research using #SSO via #SAML, so no local usernames/passwords…
Anyone with experience uploading videos using the #REST #API for system integration purposes? No classic #OAuth flow here… or is it possible?!
#Framasoft #Fediverse #OpenSource #Education #Science #askfedi
Posted this article on my blog on how to authenticate a generic OAuth client.
I'm trying to configure Mastodon for doing SSO with an authentik id. I'm getting "unknown encryption algorithm".
Has anyone else seen this or can you shed some light on what I'm trying to do?
I lied when I said #PAM authentication will come next week. Here's #WebIDAMd demonstrating password authentication against #OAuth, with a PAM module speaking via #Varlink to the daemon:
I got back to #WebIDAMd, a #systemd-userdbd-based system for using #OAuth / #OIDC / #REST identity providers for #Linux system authentication.
And I can now show off a first demo (no #PAM authentication yet, but user and group listing):
https://asciinema.org/a/728567
In contrast to #sssd's recent OIDC module, WebIDAMd is fully provider-agnostic and integrates transparently with userdbd, the current/upcoming standard in most Linux distributions instead of requiring a full separate software stack.
New Release! MCP Servers with Oauth: A full introduction to MCP, from zero to deployment in one weekend by Zach Silveira #books #ebooks #oauth #technology
This book provides the fastest way to get up to speed using the latest Model Context Protocol authentication specification that was finalized in May 2025.
Find it on Leanpub!
If you manage a web application that uses OpenStreetMap.org authentication or independently use the OpenStreetMap-website code, please see our recent security notice: https://operations.osmfoundation.org/2025/07/11/security-notice.html #OpenStreetMap #OSM #Security #OAuth
Ann: Launched Open Collective for Ruby OAuth gems (oauth, oauth2, & others)
I've been the primary maintainer of OAuth tools in Ruby since 2017. In this move toward supporting myself with open source work I need your help!
https://opencollective.com/ruby-oauth #Ruby #OAuth #Authorization #Security #OIDC
Rename `oauth-xx` org to `ruby-oauth`?
Intent of current name was to be a home for oauth tools across many languages, but it never materialized that way. The vestigial -xx is awkward for many reasons, and I think discoverability would improve with a ruby-* org name, and perhaps it could even bring in other oauth-related tools. I have a few thoughts about this, so
I'm very interested in others' thoughts #Ruby #RubyFriends #OAuth #Authentication
#Hollo 0.6.0 is coming soon!
We're putting the finishing touches on our biggest security and feature update yet. Here's what's coming:
New features
Important notes for update
SECRET_KEY requirements (44+ chars)
Special thanks to @thisismissem for the extensive OAuth improvements that help keep the #fediverse secure and compatible!
Full changelog and upgrade guide coming with the release.
I got #Duende IdentityServer #OAuth working inside an @avaloniaui app. It's pretty easy, thanks to the Duende.IdentityModel package and the browser abstraction. #dotnet
Mixing up Public and Private Keys in OpenID Connect deployments - Hanno's Blog:
Wrote an article about using siege and showing how to test your web API's read and write performance, Bearer tokens, custom headers and JSON payloads. It's all there.
https://skybert.net/craftsmanship/the-world-is-mean-so-your-load-tests-must-be-meaner/
A little rant about e-mail authentication:
https://francisaugusto.com/2025/Email-quo-vadis-or-where-is-oidc-for-everyone/
@mwl I'd love your comment on this!
Welcome to my new followers. I have taken possession of your souls, for which I am eternally grateful.
By way of #introduction, here are a few things that I am sometimes known for:
I wrote the book API Security in Action published by Manning. It covers a lot about modern application security, JWTs, OAuth, Kubernetes, and is secretly a tutorial on cryptography in disguise.
I discovered the “Psychic Signatures” critical vulnerability in Java’s implementation of ECDSA signature verification (CVE-2022-21449).
My blog has made its way onto Hacker News a few times.
I’m fairly active in the #OAuth working group at the IETF. I used to be the Security Architect for ForgeRock (now part of Ping Identity).
In my past I have mostly been a software engineer. I also have a PhD in computer science, for what it’s worth, but only my bank calls me Dr and my daughter thinks I’m lying about that.
These days I run a company, Illuminated Security, that provides AppSec and Applied Cryptography consultancy, review, bespoke development, and training. I’m always happy to answer emails (eventually!) on most topics.