Reimagine user auth, "Follow" flow, and the concept of "login" and "users" #3482
Labels
activitypub-federation
Functionality around ActivityPub and fediverse integration
backlog
Ideas that might be cool and can be looked into later.
big feature
A major feature that requires planning, design input and discussion
chat
Issues dealing with the web chat client and server
enhancement
New feature or request
go backend
Server-side code written in Go
needs design
Requires design input and planning and possibly a mock.
Web frontend
Issues dealing with the web site
Share your bug report, feature request, or comment.
This topic came up in the discussion around the embed design (#2917). And while it's not directly connected, it tangentially is.
Currently, there's no such thing as "logging in" to anything on Owncast, with regard to frontend, end user functionality. There are only features that you can authenticate against. And while to some that might feel like the same thing, they are very different.
Logging in means you authenticate, and then the web application knows who you are, and certain things change state, reflecting the fact that you are who you are throughout the entirety of the application. This is how every web site with accounts works.
What we do now is different. We have a set of functionality that you can authenticate to use. The web application doesn't know who you are. Once that action is independently taken (FediAuth, IndieAuth, Follow), that's it.
One feature that would be difficult to build currently is Follower-only Chat (#3428). While we do know who our followers are, and who has authenticated against chat, they are decoupled. We'd be asking a chat participant to perform two entirely different actions (follow via the fediverse and then authenticate via the fediverse) to make it work. This makes little sense.
What does this mean? For example, here's how the "Follow" flow works now:
There are a couple of different reasons why it currently is the way that it is.
Consolidating FediAuth functionality
People really like the "FediAuth" functionality that we built into Owncast, and I think it's worth doubling down on it. Right now, you perform a FediAuth action to authenticate with chat, it's just for chat. It impacts nothing else, and most people don't understand what benefits they get out of the action.
Benefits
An alternative example of user flow would look like this:
Important clarification
To clarify, I still have no interest in traditional "accounts" where people have to create a username and password to chat or view the video. We have always had "accounts" internal to Owncast, and this hasn't changed, and still won't change, from how they are represented. But if it makes sense, we may change how a user can access them.
Questions that need to be answered
The text was updated successfully, but these errors were encountered: