Github login on lab.libreho.st


#21

I’d be happy to configure GitLab at git.coop to be used as a SSO server for libreho.st services if someone could let me know what would need to be done.

PS I’m replying by email as I’m unable to login here as the password reset appears not to work?


#22

I’m not sure from your post what is your proposal. Can you make an unambiguous statement instead?

Add ‘Login from Github’ integration.

since we would lose an opportunity to send such users to GH alternatives already.

I’m interested in the ‘coming from Github already’.

I’m not concerned at all that the bulk of ‘open-source’ developers are on GH since most of them cannot make a difference between the former and free software in the first place. We’re interested in contributors who know the difference, so as to engage with them. The others will have to learn the difference first, probably by watching LibreHosters and sister projects mark this difference more clearly.

I suppose this is the kernel of it. I am concerned because I’m not interested in Librehosters becoming a sect where we dismiss ‘open source’ minded developers …

You’ve said they can learn by watching and that’s good but I’d rather they can automatically login and just talk with us on the issue tracker … that interaction has more impact. Why not also take advantage of this option? It’s an acceptable strategy in my mind …

Yes, they can just get another account but from my experience seeing people interact with git.coop, there is resistance to this, even from ‘our people’. See https://github.com/cotech/website/issues/93 and https://www.loomio.org/d/2BZ0CS9e/git-hosting-for-co-operators. I don’t speak for WebArchs but they now have the Github button: https://git.coop/users/sign_in.

Like, take for example the Anarchist federation https://www.vrijebond.org, they have a facebook page: https://www.facebook.com/vrijebond/. I am sure they had this argument internally - ‘should we add the facebook button’. Now my mother gets anarchism posts on her feed and I think it’s great! The Vrije bond continues to be radically anti-capitalist and maintains its integrity …

And while this discussion is potentially ‘going political’, I don’t want to block motivation for the other logins :cowboy_hat_face:


#23

So this gives me some questions:

Are you using an SSO platform at the moment or will you be using us as an SSO provider in your gitlab instance?

I can assist you with the setup and support :slight_smile:

Related to the email issue could you direct message me your email address i and i will in the meantime debug :slight_smile:


#24

Working on the mail issue think ive found the source.


#25

Are you using an SSO platform at the moment or will you be using us as an SSO provider in your gitlab instance?

The SSO GitHub login link was a unexpected side effect that resulted from creating and configuring the gitdotcoop account on GitHub to enable easier syncing of repos at the request of @decentral1se.

There is still a email domain whitelist for account creation at git.coop so I don’t think that any GitHub user can sign up for an account (feel free to test this and let me know if this isn’t the case!).

Related to the email issue could you direct message me your email address i and i will in the meantime debug :slight_smile:

I don’t believe you can start a private thread via email with Discourse so you would have to start that, I did post some more details in #librehosters-techtalk on Freenode.


#26

I feel its a contradiction to encourage open anything by integrating with a closed platform.


#27

Sorry I didn’t answer your question in my post above.

Are you using an SSO platform at the moment or will you be using us as an SSO provider in your gitlab instance?

There are currently no plans to use a SSO platform with git.coop.

I though @decentral1se was suggesting using git.coop as a SSO provider for libreho.stgit.coop is only open for account creation by members of Webarchitects (you can join for £1 or more) and this is not due to change.


#28

Ah right, yes that work work!

Lets try it :slight_smile:


#29

Can you make an oath application for libreho.st in gitlab and send me the details, token, url etc privately :)?


#30

Yes, I think it’s better since we should not use direct app login from Gitlab anymore and only use SAML through the Keycloak.

Well, please read the previous conversation, and understand why it’s not acceptable for us to make visible a link to Microsoft. Since all 3 ‘acceptable’ identity providers accept GH logins, there’s no reason why we should not support them instead of Microsoft.

Being anarchist does not preclude having different strategies. Probably the Dutch AF has no serious sysadmin in their ranks and prefer to adopt a Marxist approach to gather a critical mass – hahaha. More seriously, what they do does not concern us.

Rather the opposite: librehosters were created as a political response to the GMAFIA oligarchy, so the position is political from day one.

Our strategy is to make visible what alternatives exist, not to support the enemy. If we say the enemy is the GMAFIA, then we do not make them visible. Supporting our friends makes much more sense, hence the will to put into visibility Framagit, Git Coop (and to a lesser extent, Gitlab, since it gathered most of the GH diaspora, despite being VC-funded core business, it remains the most serious global scale alternative to GH, until it is acquired by some other giant).

It should appear obvious to each of us that making our friends visible is a viable tactic, while making the enemy visible is suicidal since the latter don’t need us to be visible as they’re the masters already, aren’t they?

I’m always puzzled at people who think that it’s good to “degooglize” Internet, but it’s OK to use GMAFIA clouds.


#31

Can you make an oath application for libreho.st in gitlab and send me the details, token, url etc privately :)?

Sure, what is your email address?

I assume the attached screenshot is the form that has to be completed?

What should I use for “Redirect URI” and would I be correct to assume I need to tick some (which ones) of these four boxes?

  • read_user
  • openid
  • profile
  • email


#32

my username AT weho.st not written in full for spam reasons.


#33

https://login.libreho.st/auth/realms/librehosters/broker/git.coop/endpoint


#34

We got git.coop logins workin!


#35

Hi Pierreozoux,

I understand where you are coming from on this one but I do have to say we have values for a reason and we should not lower them because doing the wrong thing is always easier than doing the right thing and our values represent all of us in the syndicate.

I feel fundamental it’s a fine line between Microsoft, GitHub and say allowing SSO from AWS or any closed platform and this would turn our values from libre and open to any big saas cloud provider or hip enterprise because hey why not everyone is using them.

Now I’m not trying to point fingers or persecute but what is the point of librehosting if we are going to start discussions with:

we have to remain the example of what we want to be and that is not always easy but we can’t advocate for freedom of information and then, in turn, break our own standards of which we want to see more of in the world.

now once again I mean not to offend nor to anger anyone I also do not complain about things unless I really feel strongly about them so I hope you can see reason in my thoughts and opinion (of course it goes without saying anything I say on here is my own opinion and in no way or form official or authoritative)


#36

I can confirm that using git.coop to login to this Discourse server and also GitLab appears to be working :slight_smile:.


#37

Then what to say about https://framagit.org/ and co.? They integrate. I don’t see this as a contradiction. The more ‘I only do Github’ people who walk in my front door, the better! I’ll be ready to speak against the world of Githubs. This is the point for me.

It isn’t a question of support. It’s about making it easier for contributors to get acces to the platform. Even with the friendly SSO providers there is no way for a new person to tell that they won’t have to fill out a large form there too (unless you go and see but probably we lost them at the lab.libreho.st). Maybe not though but it’s more clicks, which is the point (from experience, we know this matters).

It’s hard to believe you’re arguing in good faith when you make such statements.

I wouldn’t take that quote without the following (same post). I assume it was just a part of writing off the cuff …


#38

btw, thanks to all for making the SSO integrations happen @ login.libreho.st.

Cross posts! https://members.webarchitects.coop/t/git-coop-support-plan-for-members/47/11


#39

This is exactly why it’s good for us to use them, since we don’t have to.


#40

Ok, I see that you added git.coop, it is nice already :slight_smile: Thanks!

I’d like to discuss the workflow to signin/signup in our gitlab instance.

Can I be admin of the instance? (Then I can explore some options myself).

Can we automatically redirect to the SSO if not logged in? (And/or remove the without SSO login and change the text to click the SSO to add signup?) The workflow is not clear at the moment.