Forem Creators and Builders 🌱

Discussion on: Should all forems share an authentication system?

Collapse
 
ben profile image
Ben Halpern

This comes into the topic of pseudo-centralization, where we offer one centralized forem identification.

We want Forem to work in such a way where it doesn't need this centralized approach, but yes, I think a central Forem authentication service is probably something that should exist to complement things.

We could build a central forem.com identity management app which plugs into Forems and gives folks functionality to simplify their identity across platforms. It's important that individual forems remain independent, and also that the ecosystem "trust" us (just as they do Twitter, Google, GitHub and any other auth providers)...

All that is to say, it's good you bring it up. If we didn't want to value the decentralized components of this system and went the "traditional" authoritarian route, we might have already built this. It's probably a natural step to have some components of optional pseudo-centralization.

Collapse
 
ajhalili2006 profile image
Andrei Jiroh

What if I want to merge two Forem accounts into one (e.g. forem.dev and dev.to)? How do I combine my user data across Forem instances without a data loss?

Collapse
 
nektro profile image
Meghan

I think the idea is more about making forem somewhat federated in regards to account management.

ie there's forem.dev and dev.to and allowing a user to, for example, sign up for forem.dev with their dev.to account and so on. thus, instead of going to one of the configured oauth2 providers, forem.dev would query dev.to for my user info.

Collapse
 
ben profile image
Ben Halpern

Yup, I've definitely had this thought. Each Forem itself already kind of has that functionality. We never developed it generally (only used it for a few key cross-posting use-cases), but built it so it could be expanded that way.

In thinking through the near future, I eventually started thinking that the first order of business would be creating a central Forem auth system as a start because I think the total federation model can be really confusing for folks outside the tech bubble..... But as an option we build in after (or maybe in parallel) it could be a really really cool way for folks to manage their presence. The two concepts could also have some interplay. e.g. the forem.com auth system wouldn't allow two forems to speak to one another or know that this user is authed in both places because that knowledge is private, but in some cases it could make perfect sense to auth some communities together explicitely.