DEV Community

Fernando for The DEV Team

Forem’s Approach to Decentralized Authentication and Authorization

This is the first part in a series that will cover the new Forem Passport service provider, which integrates with the Forem open source software behind DEV and other communities.

A Brief History of Our Authentication Options

Since its early days, DEV relied solely on authentication providers to set up and access user accounts. There are pros and cons with that decision, but I’d say it’s working well, overall, with over 756,805 registered users (and counting!) today.

After DEV became part of the larger Forem umbrella, we continued to expand beyond GitHub and Twitter authentication to allow many other use cases, like invite-only (private) or email+password registration, to name a few.

Despite these new authentication options, our backend implementation of them hasn’t changed much. This is because we rely on OAuth (an open-standard authorization protocol/framework) and a polymorphic approach, which allows our team to add new providers that adhere to the OAuth protocol.

Below, I'll explain how these authentication factors connect with external influences (like Apple and Facebook), leading us to build our own authentication provider. If you’re more interested in the implementation (show me the code), check out the next part in this series, coming soon!

How Forem is Decentralized

Empowering community by giving ownership to creators (decentralization) is the bedrock of Forem's mission. Anyone that hosts their own Forem site becomes part of the world wide web (WWW), just like any other website does. It becomes a bit more interesting when we look at the network of Forem sites.

In case you missed it, a while ago we announced that you can now self-host your own Forem. Starting your own community with data ownership and the transparency of open source (much like DEV) is finally possible 🌱

Since we now have a network of sites that run Forem's open source community software, we need to work on the ecosystem around it. So we shipped the Forem iOS app with this in mind.

Forem for iOS means that you can browse many different Forem communities in one centralized app on the go. Since the days of our DEV iOS app (soon to be sunsetted), we have enhanced the mobile browser experience with Push Notifications and many more features. Together, we've accomplished all of this despite relying on a WebView-based implementation, which might be a sensitive topic at times... but that’s a post for another day 😅

Authentication Hurdles: Apple and Facebook

Since a Creator has full ownership of their Forem, we can’t control the authentication methods they choose to enable (this is the point). Apple, on the other hand, requires everyone using their authentication to comply with their guidelines.

We actually ~~ranted~~ joked a little about the “SIWA rule” in a DEV Twitch Stream a while ago, along with other mobile/ecosystem related conversations. SIWA is the acronym we use for Sign In With Apple.

Because Apple requires every iOS app that allows for social logins to have SIWA enabled, the Forem iOS app is being rejected by App Store reviewers when they find that some Forems listed in the app don’t have SIWA enabled by choice.

Despite being less than ideal, we had to hide all social authentication providers if the Forem site doesn’t have SIWA enabled within the ForemWebView context (which means it’s being rendered in a mobile app). This is the PR for that in case you’re curious.

Later, Facebook shut down their OAuth flow protocol in Android WebView contexts. According to them, this was a decision made “for security reasons”. This is the issue where some of this conversation has taken place. Similar to the SIWA situation, we’re not able to show the Facebook auth option.

Authentication on a Decentralized Network of Forem Communities

These challenges led us back to a big-picture idea discussed over a year ago: an SSO solution that would work across Forems. The goal is to make authenticating with any Forem site easier, on any platform or context. Enter Forem Passport.

OAuth is incredibly powerful and even somewhat democratic, in the sense that each individual user chooses to authorize or revoke the permissions they’ve given through the OAuth protocol.

The iOS mobile app now integrates directly with Forem Passport and we’ve started to reach out to creators so they can enable the Forem authentication provider to allow for this better experience across platforms.

On some Forem sites like DEV, CodeNewbie and forem.dev, you can already connect your Forem Passport account from your settings or directly register a new account using the Forem auth provider.


In the next post in this series, I’m going to share the ongoing and upcoming projects we're working on, all of which integrate with the Passport project in one way or another. Read all about it here

Top comments (2)

Max F. Findel

Hey Ben, this is some great news! I just connected my account but upon redirect I land at https://dev.to/new?i=i&signin=true which breaks the design (CSS fails to load). I think the redirect should be back to settings, right? The same happened when I connected my GitHub account.
New post page with broken CSS

Christopher Wray

Very cool. Sounds like a lot of work!
