These are public posts tagged with #auth. You can interact with them if you have an account anywhere in the fediverse.
So... Authentik was pretty easy to set up. I was able to integrate it into an app I'm running on my Proxmox server pretty easily, but there are a LOT of settings and options that I could spend a LONG time figuring out in this app!
Are you spontaneous & have nothing planned for the day after tomorrow? Then come and join us at our TechTalkThursday! On 5 June, we will open the doors at 5:30 pm, the first talk will start at 6 pm and at 7:30 pm there will be pizza, beer and the possibility to have a chat with speakers and the community.
You can find everything else here https://www.meetup.com/ninetechtalkthursday/events/306256508/, we'll also be streaming the whole thing live on YouTube: https://www.youtube.com/watch?v=8_-QiLzNM7w
#techtalkthursday #ai #llm #auth #nine
For those skeptical of DMs in #ActivityPub: I'm also considering an alternative verification approach using ActivityPub's Question feature. Instead of sending numeric codes, the system could send a poll with several emoji options, and the user would select the one that matches what's displayed on their login screen. This visual authentication method might offer better security against certain automated attacks while still leveraging federation rather than platform-specific APIs. Would this approach address some of the privacy concerns around DM-based verification?
I'm exploring a new idea called FediOTP (codename): an authentication system that uses #ActivityPub DMs to deliver one-time passwords, allowing any #fediverse account to authenticate with web services. Unlike current solutions that rely on specific APIs (#Mastodon, #Misskey), this would work with any ActivityPub-compatible server, increasing interoperability across the fediverse. Would love to hear your thoughts on potential challenges or use cases for this approach.
I improved my earlier prototype on MCP server auth with Entra ID - it now can use "session tokens" instead of pretending to be a public client
All open-source, on GitHub, and written with TypeScript.
https://den.dev/blog/mcp-server-auth-entra-id-session/
#mcp #modelcontextprotocol #ai #auth #security #webdev #azure
The open-source security / authentication stacks are great at the core of what they do.
... I still want to grab some of the devs who maintain them and shake 'em by the lapels for having really bad DevEx opinions.
Burned two hours this week failing to get basic auth working on a Docker registry instance because I wasn't properly binding the htpasswd file I set up. Time would have been cut in half if the log entry was "user not in the password file" instead of a generic "authentication failed." I'm sure someone was like "hurr durr you can't put that much detail in the logs, attackers could steal the logs and have so much info." Look... Fuck you, my (imaginary) guy, no attackers are gonna steal the logs because the service won't exist because I don't have enough debug info to stand it up in the first place.
TIL! macOS supports Touch ID for sudo, but turning it on is a bit obscure
:; grep ^ /etc/pam.d/sudo_local.template
# sudo_local: local config file which survives system update and is included for sudo
# uncomment following line to enable Touch ID for sudo
#auth sufficient pam_tid.so
you need to copy the template to /etc/pam.d/sudo_local (see the include directive in /etc/pam.d/sudo) and uncomment the magic line
API Key Authentication in ASP.NET Core Web API
Recently I was faced with the task of implementing authentication using an API Key in ASP.NET Core Web API. Although many authors recommend using IAuthorizationFilter for this purpose, I found that it is not the most suitable option. I have a better approach that I would like to share, including examples. The implementation was tested in both .NET 8 and .NET 9.
https://habr.com/ru/articles/877302/
#net #net_core #net_8 #net_9 #authentication #auth #authorization #api #api_key #aspnet
Great. Discord has locked me out.
I just sent a handful of friend requests to people I've been in a server with for years, to set up a group chat.
Verify your account, it looks weird!
OK. Here's my number
We'll send a code!
...
...
No code.
One came through after ages and it's invalid. Phone or computer, no joy. Support auto-email didn't even comprehend the issue.
Phone sent me to Swedish-language help pages.
Cut off from over a hundred contacts. Fuck's sake. #discord #auth
A basic guideline on implementing auth for the web.
The Copenhagen Book
Using custom permissions for is_staff and is_superuser
Another experiment in slimming down the User model
https://softwarecrafts.co.uk/100-words/day-176
#100_words,#django,#auth,#permissions
Just updated the Kitten web site to document the sign in and sign out routes and how to manually check if the site owner is authenticated.
Kitten manages authentication automatically for you and creating an authenticated route is as simple as tacking a lock emoji (🔒) to the end of a route directory/file but there will be times when you have to check manually (e.g., to show a posting interface only when authenticated).
https://kitten.small-web.org/reference/#sessions-and-authentication