Finally have login and user authentication working on my distributed build system written in , including through the interface!

Through , it still uses username/password because I think client certs are dumb.

@jeff why do you think so about client certificates? I'm curious

@solene I feel like they are a bizarrely complicated solution to the issue of identity.

@jeff it's no more than a token file to identify someone instead of a bunch of text. I suppose this may seem different if you were asking to provide the file for authenticating instead of managing the cert in the client

@solene meh, I'll just stick with username/password. I don't participate in the community anyway, so my opinion isn't particularly important.

@jeff no problem, I was just curious :flan_smile:

so on Gemini you input the login and password concatenated or you use first an input for the login, load a new page and ask for the password?

Follow

@solene the second option, yes. "/login.gmi" requests a username, that redirects to "/login/<username>/password.gmi" that requests a password. If validated, a session is then assigned.

If you can follow the spaghetti code, the auth is handled in "external_input_request_gemini:"

git.approximatrix.com/cgit.cgi

@jeff the code seems fine, I don't know fortran but a quick look for a few things didn't bring horrors to me :flan_smile:

Maybe when you visit loginfailed.gmi you could make use of a status code? I suppose there is a status code for failed login.

Sign in to participate in the conversation
Toot @ Rainbow 100

Mastodon is a distributed social network of sorts, and this server hosts a tiny instance of it.