your-land/bugtracker
your-land
/
bugtracker
44
20
Code Issues 2.5k Projects 2 Wiki

Oauth2 provider that connects to MT auth DB via SRP #4906

New Issue
Open
opened 2023-07-08 23:54:58 +00:00 by AliasAlreadyTaken · 5 comments
AliasAlreadyTaken commented 2023-07-08 23:54:58 +00:00
Owner
Copy Link

In the beginning, we only had gitea as a secondary system, whoever wanted to take part there had to make another account. Now there's a demand to have a forum, a wiki and possibly more adjacent services like pasteboard or image/skin upload.

Let's have an oauth2 provider that connects to MT auth DB via SRP. Musthaves:

  • no plaintext passwords anywhere
  • Alias can understand what's going on
  • open source
  • acts as an oauth2 provider
  • uses MT auth db as auth source

A possible candidate is this, even though its on docker and currently lacks a license:

https://github.com/minetest-go/mtauth

In the beginning, we only had gitea as a secondary system, whoever wanted to take part there had to make another account. Now there's a demand to have a forum, a wiki and possibly more adjacent services like pasteboard or image/skin upload. Let's have an oauth2 provider that connects to MT auth DB via SRP. Musthaves: * no plaintext passwords anywhere * Alias can understand what's going on * open source * acts as an oauth2 provider * uses MT auth db as auth source A possible candidate is this, even though its on docker and currently lacks a license: https://github.com/minetest-go/mtauth
🎉 1
AliasAlreadyTaken added the
1. kind/other
 label 2023-07-08 23:55:13 +00:00
AliasAlreadyTaken added this to the Alias@work project 2023-07-08 23:55:18 +00:00
flux commented 2023-07-09 00:26:47 +00:00
Member
Copy Link

i can take a look at this at some point. i've set up a couple SAML instances (before OAuth existed), and could probably learn what's needed and give advice.

i can take a look at this at some point. i've set up a couple SAML instances (before OAuth existed), and could probably learn what's needed and give advice.
AliasAlreadyTaken commented 2023-08-23 13:54:55 +00:00
Author
Owner
Copy Link

This is an example of how SRP can be checked in C

https://github.com/est31/csrp-gmp/blob/master/test_srp.c

There is some weird and old documentation here:

https://doxy.minetest.net/srp_8cpp.html

The minetest dev wiki only has limited info, but still some:

https://dev.minetest.net/Engine/Network_Protocol#Authentication_since_protocol_25

That's how MT does it:

https://github.com/minetest/minetest/blob/master/src/util/srp.h

This si said to be a mt_auth implementation for use by outside services:

https://gitea.your-land.de/your-land/mt_auth

This is an example of how SRP can be checked in C https://github.com/est31/csrp-gmp/blob/master/test_srp.c There is some weird and old documentation here: https://doxy.minetest.net/srp_8cpp.html The minetest dev wiki only has limited info, but still some: https://dev.minetest.net/Engine/Network_Protocol#Authentication_since_protocol_25 That's how MT does it: https://github.com/minetest/minetest/blob/master/src/util/srp.h This si said to be a mt_auth implementation for use by outside services: https://gitea.your-land.de/your-land/mt_auth
Bla commented 2023-08-23 15:34:57 +00:00
Copy Link

That's how MT does it:

https://github.com/minetest/minetest/blob/master/src/util/srp.h

also
https://github.com/minetest/minetest/blob/master/src/util/srp.cpp

> That's how MT does it: > > https://github.com/minetest/minetest/blob/master/src/util/srp.h also https://github.com/minetest/minetest/blob/master/src/util/srp.cpp
flux commented 2023-08-24 01:05:47 +00:00
Member
Copy Link

picking an extensible oath2 provider is probably the first step.

picking an extensible oath2 provider is probably the first step.
flux commented 2023-08-24 02:50:41 +00:00
Member
Copy Link

srp should not bet too hard to implement given the right primitives and the existing documentation and implementations.

srp should not bet too hard to implement given the right primitives and the existing documentation and implementations.
AliasAlreadyTaken removed this from the Alias@work project 2024-04-12 20:43:41 +00:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels   
1. kind/balancing

Depends on balancing

  
1. kind/breaking

something that alters or disables an existing game mechanic

  
1. kind/bug

Something is not working

  
1. kind/construction

A build needs fixing

  
1. kind/documentation

Needs proper documentation

  
1. kind/enhancement

New feature

  
1. kind/griefing

players despoiling builds or nature

  
1. kind/invalid

Not a valid report, e.g. created by mistake with no content.

  
1. kind/meme

issue is mostly a joke

  
1. kind/node limit

something which works for or against the node limit

  
1. kind/other

Something not within the other kinds

  
1. kind/protocol

something concerning how staff should react to player requests, or how players should treat each other

  
2. prio/controversial

not likely to happen w/out a lot of discussion

  
2. prio/critical

Very important

  
2. prio/elevated

something players are eager to have fixed

  
2. prio/good first issue

the resolution to this is could be done by a new minetest contributor, who doesn't yet understand the mod ecosystem

  
2. prio/interesting

one of us has real interest in getting this implemented or fixed. however, more research might be needed.

  
2. prio/low

Not so important

  
3. source/art

art needs to be created or found for this to exist. includes sound, 3d modelling, and in-game building.

  
3. source/client

Issue is with the minetest client, or with player client configuration or the technical details of their setup

  
3. source/engine

Issue is due to a bug or feature of the minetest engine

  
3. source/ingame

Problem and solution exist in-game, e.g. builds or player moderation

  
3. source/integration

Two or more nonbuggy mechanics conflict, or our attempts to rectify conflicting mechanics have created a new bug

  
3. source/lag

A problem which is caused or made worse by lag, due to server processing issues, client processing issues, or network issues

  
3. source/license

A licensing problem is involved

  
3. source/mod upstream

Problem is upstream (not engine/client)

  
3. source/unknown

   
3. source/website

Affects the website

  
4. step/approved

Alias has approved this feature, someone should implement it

  
4. step/at work

Being worked on

  
4. step/blocked

we plan to do this, but other work has to be finished first

  
4. step/discussion

issue is under discussion, a solution has not been dictated or agreed upon

  
4. step/help wanted

Need some help

  
4. step/needs confirmation

   
4. step/partially fixed

this is mitigated or partially solved, but more work needs to be done

  
4. step/question

More information is needed

  
4. step/ready to deploy

has been QA tested by another person. has no outstanding issues. might be installed on prod, but needs final testing

  
4. step/ready to QA test

the code is supposedly fixed, but needs to be tested.

  
4. step/want approval

Someone can quickly implement this if Alias approves the change/feature

  
5. result/cannot reproduce

   
5. result/duplicate

This issue or pull request already exists

  
5. result/fixed

problem is fixed

  
5. result/maybe

not planned currently, but maybe some day

  
5. result/wontfix

the reported issue won't be changed, whether it's intentional or not.

  
ugh/petz

yet another petz bugz.

  
ugh/QA main

That's something we can only wait and see whether it hapens again: On the main server

  
ugh/QA NOK

Fix didn't yield the expected results

  
ugh/QA OK

tested

No Label
1. kind/balancing
1. kind/breaking
1. kind/bug
1. kind/construction
1. kind/documentation
1. kind/enhancement
1. kind/griefing
1. kind/invalid
1. kind/meme
1. kind/node limit
1. kind/other
1. kind/protocol
2. prio/controversial
2. prio/critical
2. prio/elevated
2. prio/good first issue
2. prio/interesting
2. prio/low
3. source/art
3. source/client
3. source/engine
3. source/ingame
3. source/integration
3. source/lag
3. source/license
3. source/mod upstream
3. source/unknown
3. source/website
4. step/approved
4. step/at work
4. step/blocked
4. step/discussion
4. step/help wanted
4. step/needs confirmation
4. step/partially fixed
4. step/question
4. step/ready to deploy
4. step/ready to QA test
4. step/want approval
5. result/cannot reproduce
5. result/duplicate
5. result/fixed
5. result/maybe
5. result/wontfix
ugh/petz
ugh/QA main
ugh/QA NOK
ugh/QA OK
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
3 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: your-land/bugtracker#4906
No description provided.
Delete Branch "%!s(<nil>)"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?