Should all forems share an authentication system?

albertopdrf (Alberto Pérez de Rada Fiol) ・1 min read

Hey! 👋 It's nice to be here!

I wonder if it would make sense to have a shared authentication system among all forems. I'm not sure if "authentication system" is the correct concept for the feature I'm picturing, so let me try to explain how it would work so we are all on the same page:

  • A user visits a forem, whose community they want to join. They register and create their profile, which gets saved into an upstream database.
  • Later on, the same user visits another forem, whose community they also want to join. Instead of registering again and creating a new profile from scratch, their information is fetched from the upstream database. Everything could be ready to go in ONE click!

I think this would provide a better user experience. What do you think about this?

Discussion


This comes into the topic of pseudo-centralization, where we offer one centralized forem identification.

We want Forem to work in such a way where it doesn't need this centralized approach, but yes, I think a central Forem authentication service is probably something that should exist to complement things.

We could build a central forem.com identity management app which plugs into Forems and gives folks functionality to simplify their identity across platforms. It's important that individual forems remain independent, and also that the ecosystem "trust" us (just as they do Twitter, Google, GitHub and any other auth providers)...

All that is to say, it's good you bring it up. If we didn't want to value the decentralized components of this system and went the "traditional" authoritarian route, we might have already built this. It's probably a natural step to have some components of optional pseudo-centralization.

 

Hi Alberto!

In this discussion started by James Turner in my post about API v1 we ended up also talking about authentication.

As we're not a multi-tenant architecture my initial thoughts were to lean towards a decentralized architecture, both for trust reasons (Forem's code can be changed, so there's no way, at least at the present moment, to trust a Forem installation that's not managed by Forem the company), for security and for privacy. StackExchange comes up often in comparison.

As you can imagine this is very much an open discussion that includes possible requirements that we haven't foreseen (like the need for a centralized alternative as Ben mentioned), possible technical limitations and privacy concerns on user management.

Some of these surfaced in the discussion in that post, like "should a user profile be portable between Forems, and what if a person wants to be someone else on another Forem?" or "should the Forems know about any of the other profiles that this human impersonates if they decide to "link"?".

Should there be a foremauth.com/1234 which universally represents rhymes across forems? Does rhymes actually care to have a central profile panel? Should the person just make new accounts if they don't want to be linked to the others in that particular Forem?

 

My two pence is that I already have (deliberately) different bios for my Forem and Dev accounts. I've also chosen different UI so that I can easily recognise which of the two I am on. I like the idea of having my somewhat separate accounts, but they are both using my GitHub login.

 

Yup, I think it's important that people can genuinely be different people in different scenarios— We just need to do it as friendly as possible because the complexity of management could grow pretty quickly.

 

Hey there, I'm a lead product designer at Forem, and I'm going to be looking into this user experience to make sure that it is sensible while fulfilling the technical constraints we're setting out :)

I want to share a few ideas for user stories to gut check my design explorations around how people belong to multiple Forem communities. Can you let me know if this is an exhaustive enough list?

  1. Someone signs up for a Forem community for the first time.

    • They were invited to a private community.
    • They were invited to join a public community.
    • They discovered a public community to join.
  2. Someone with an existing Forem account joins a new community.

    • They onboard to a new community.
    • They switch between communities.
  3. Someone signs out of one community.

    • Do they sign out of only that one community? (de-centralized)
    • Do they sign out of all communities? (centralized)