OAuth Login Providers - i.e. Login With Google / Facebook / GitHub / etc.

[zicklag]

Is your feature request related to a problem? Please describe.

As a part of developing a deeper ATProto integration for https://a.weird.one, we are thinking of doing PDS hosting so that it's possible to register for Weird without first registering for Bluesky, but still providing you a true ATProto account.

It is important, though, that you be able to login / register for Weird using an OAuth account like GitHub, Facebook, Google, etc.

Describe the solution you'd like

I would like some mechanism that allows me to login to my PDS account using 3rd party auth providers with OAuth / OIDC.

Describe alternatives you've considered

I'm unsure exactly how deep this integration needs to be with the PDS software so far. For instance, it might be possible for me to make a custom login UI that uses a shared secret or some kind of PDS admin token in order to facilitate a custom login process.

This may be the preferred solution, but I think we might still need support in the PDS and I'm not sure what that is yet, so I wanted to open the discussion.

Additional context

This is a relatively new idea, so I've still got research to do on what it will take to accomplish.

I'm not sure whether or not rsky is the PDS that we want to use yet or not, but I'm also not sure whether it will be possible to get this feature into the official Bluesky PDS implementation or not either, so I wanted to see what your thoughts on it were.

[zicklag]

CC @erlend-sh.

[afbase]

in this blog post it states:

In some ways this situation is closer to that between email clients and email providers than it is between traditionally pre-registered OAuth or OIDC clients (such as GitHub apps or "Sign In With Google"). This unfortunately means that generic OAuth client libraries may not work out-of-the-box with the atproto profile yet. We have built on top of draft standards (including "OAuth Client ID Metadata Document") and are optimistic that library support will improve with time.

@zicklag when you say, "I would like some mechanism that allows me to login to my PDS account using 3rd party auth providers with OAuth / OIDC." do you mean something that is going to conform with ATProto OAuth Specification or to more standardized specifications?

[zicklag]

I mean from standardized specifications, and I don't mean replacing ATProto OAuth for ATProto apps.

I mean merely that when I get to this screen, when trying to login to my PDS, I should have the option to authenticate with Google, Facebook, or GitHub, etc. instead of using a password stored on the PDS:

So the PDS stays essentially the same other than that authenticate-with-password step.

Oh, well, and the registration step. I need an API I can use to make a custom UI for registering and logging into the PDS and I'm not sure what options are there yet.