Allow reusing authentication from other apps - SSO? #660

Open
@keyserj

Description

Describe your issue

Some related apps may benefit from including Ameliorate in their experience, enabling precise discussion of some problems related to their app. In these cases, it seems ideal for those apps' users not to need to re-authenticate in Ameliorate in order to take authenticated actions in Ameliorate (e.g. editing). I.e. it seems ideal to be able to reuse other apps' authentication.

Example: Digital Democracy Project has a mobile app that embeds Kialo to provide bill summaries that citizens can engage with. Their website embeds Kialo too (if you click Show Kialo Discussion on a bill's page). It'd be ideal for their app's users to be able to take authenticated actions in Ameliorate without having to manually authenticate in Ameliorate.

This isn't super useful until #659 is done.

Solution you'd like

SSO...?

Questions:

  • how to give them a username while guaranteeing it doesn't conflict with an existing Ameliorate username?
    • maybe the other app could pass a username and numbers could just be appended to make it unique, and Ameliorate could provide easy username-rename functionality

Alternatives you've considered

  • allow configuring Topic permissions such that anonymous users can make suggestions
    • this might be desirable anyway to make it easy/quick for people to contribute when linked to from elsewhere e.g. reddit
    • could store unique anonymous user id in localstorage/cookies for this
      • but would need cookie banner?
      • and this would be device-specific
  • require users to make an Ameliorate account if they want to make suggestions/edits
    • this would be a little disruptive/annoying for users, since they already had to make an account in the other app
    • based on investigation into embedded localstorage in Allow embedding Ameliorate in other sites #659, the embedded auth cookie might be separated from a non-embedded auth cookie?
      • logging in within the other app, separately from directly on Ameliorate, would probably be a little annoying
  • require other apps to self-host Ameliorate with their own authentication
    • this would be annoying for them to have to do, plus it would forfeit the benefits of sharing traffic with ameliorate.app (like discoverability)

Additional context

No response

Technical ideas and questions

  • Auth0 mentions SSO capabilities in its expensive professional/enterprise tiers (pricing)
    • but ChatGPT seems to think that these capabilities are extras, and that the free tier provides enough for this use case (ChatGPT chat log)
  • seems like SSO requires a central auth provider that both Ameliorate and the parent app would need to trust

Questions

  • is there an example of sites doing this?
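
The username question and the shared-provider idea above, sketched as an added example that is not part of the issue or of Ameliorate's code. It assumes the partner's identity assertion has already been verified, and all names (`provisionSsoUser`, `claims.preferredUsername`, the length limit, the reserved list) are hypothetical.

```javascript
// Added example; every name here is hypothetical, not Ameliorate's code.
const MAX_LEN = 30; // assumed username length limit
const RESERVED = new Set(["admin", "ameliorate", "anonymous"]); // assumed reserved names

// The partner-supplied name is untrusted input: keep a conservative character set.
function sanitizeUsername(raw) {
  const text = typeof raw === "string" ? raw.normalize("NFKC") : "";
  const cleaned = text.replace(/[^A-Za-z0-9_-]/g, "").slice(0, MAX_LEN);
  return cleaned.length >= 3 ? cleaned : "user";
}

// Append numbers until the name is free; `taken` holds lowercased usernames,
// so "Alice" and "alice" count as the same name.
function allocateUsername(raw, taken) {
  const base = sanitizeUsername(raw);
  const isFree = (name) => {
    const lower = name.toLowerCase();
    return !taken.has(lower) && !RESERVED.has(lower);
  };
  if (isFree(base)) return base;
  for (let n = 2; n < 100000; n++) {
    const suffix = String(n);
    const candidate = base.slice(0, MAX_LEN - suffix.length) + suffix;
    if (isFree(candidate)) return candidate;
  }
  throw new Error("no free username found");
}

// Accounts are keyed on (issuer, subject), never on the username, so a partner
// that sends an existing Ameliorate username gets a new account, not that one.
// `claims` is assumed to come from an already verified assertion.
function provisionSsoUser(store, claims) {
  const key = JSON.stringify([claims.issuer, claims.subject]);
  const existing = store.byExternalId.get(key);
  if (existing) return existing; // returning user keeps any renamed username
  const username = allocateUsername(claims.preferredUsername, store.takenNames);
  const user = { username, externalId: key };
  store.byExternalId.set(key, user);
  store.takenNames.add(username.toLowerCase());
  return user;
}

// Constructed in-memory store standing in for the user table.
function newStore(existingUsernames) {
  return {
    byExternalId: new Map(),
    takenNames: new Set(existingUsernames.map((n) => n.toLowerCase())),
  };
}
```

Because the lookup uses the external identity rather than the name, the rename functionality mentioned above does not affect later logins from the other app.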

Labels

  • enhancement: New feature or request
  • needs tech design: Technical solution should be figured out before implementing
  • not sure if worth: not sure if this is worth implementing yet
  • other apps: for integrating into other apps
