Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

would it be possible to have a "simplified" documentation? #292

Open
gabrielesilinic opened this issue Dec 14, 2023 · 2 comments
Open

would it be possible to have a "simplified" documentation? #292

gabrielesilinic opened this issue Dec 14, 2023 · 2 comments
Labels
documentation Improvements or additions to documentation good first issue Good for newcomers help wanted Extra attention is needed question Further information is requested

Comments

@gabrielesilinic
Copy link

So, in the end i found out that the reason this repo just works is pretty much mostly because @peppelinux has a certain experience with OpenID connect and all, but the issue is that I and many people probably don't the same (impressive) level of experience.

While i am trying to get somewhere close to that realistically it's going to take me a very long time, i have absolutely no clue what a OIDC federation and many other pieces do and all the OIDC specs are very long, it's fine if you just link to simplified explanations or whatever as long as it is good enough to get something working, OIDC specs are many and take 3 hours each to be read in full and I am not immortal, but props for who wrote them, and also for who actually read them all.

What i am asking is if it would be possible to get a tutorial style walkthrough guide in some form to help any developer who maybe has just a very surface knowledge of OpenID Connect to integrate that SPID button (which doesn't have to be blue, it just has to work, making it blue afterwards is much simpler) in any app no matter the programming language, while using a supposedly a standard-compliant OIDC client library the language may have (for example, C# has identity model).

I know that there is for my use case exists a repo for C# called spid-cie-oidc-aspnetcore but it's setup guide is somewhat broken, or I may be broken as well, and honestly seems like i won't really get an answer from the maintainer there.

if you could make a full guide to help people get something that "just works" to then test it with this server implementation first then later expand it to the real production servers, that would be extremely helpful, this R&D project is giving me a very hard time right now.

@peppelinux
Copy link
Member

OIDC specifications are too much wide, for have a good security of the solution you end dealing with impl profiles with good interoperability

did you have read the official OIDC national specification for SPID and CIE?
As mentioned there, SPID and CIE id uses OIDC iGov profile and OpenID Federation 1.0

Currently I have a really problematic agenda that doesn't allow me to (live) do anything else, however if you plan to create something to help people in a deeper understanding of these specifications consider me available in giving help, even in best effort.

In particular, I suggest you to participate in the Developers Italia community joining in the Slack channel #spid-openid, is something that you should do before anything else, to reach and speak with people

@peppelinux peppelinux added documentation Improvements or additions to documentation help wanted Extra attention is needed good first issue Good for newcomers question Further information is requested labels Dec 14, 2023
@gabrielesilinic
Copy link
Author

@peppelinux thank you for the answer, honestly, I will follow your advice to some extent (I will study enough OIDC/Auth 2.0 anyways even if at work I may not be allowed to continue to research further, don't know), i did read a bit of the OIDC national specification but I did not yet do a very deep dive into it since I hoped it would be possible to reach an implementation without having to put so much time into it (I imagined it to be more like the google or auth0, but I soon found out it is far more complex mainly due to it being federated and not even that popular overall as it is more of a specific business thing).

my issue for now is that, as I keep trying to go towards a solution I still keep getting stuck specifically because I lack the knowledge to understand the problem in the first place.

I'll see what the people at #spid-openid can tell me, thank you.

P.S. the Italian version here is the same or better right? I do keep speaking English mostly because this is what I usually do in this context (also more people can figure out what I am saying this way and maybe get better answers), but I am Italian anyways.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
documentation Improvements or additions to documentation good first issue Good for newcomers help wanted Extra attention is needed question Further information is requested
Projects
None yet
Development

No branches or pull requests

2 participants