On the latest Fedora Infrastructure weekly meeting we decided on a date of OpenID authentication sunset. The date is 20th May 2025.
Why the change?
The OpenID is being replaced by OpenIDConnect (OIDC) in most of the modern web and most of the Fedora infrastructure is already using OIDC as the default authentication method. OIDC offers us better security by handling both authentication and authorization. It also allows us to have more control over services that are using Fedora Account System (FAS) for authentication.
What will change for you?
With the End Of Life of OpenID we will switch to OIDC for everything and no longer support authentication with OpenID. If your web or service is already using OIDC for authentication nothing will change for you. If you are still using OpenID open a ticket on Fedora Infrastructure issue tracker and we will help you with migration to OIDC. For users using FAS as authentication option there should be no change at all.
What will happen now?
We will be reaching to services we identified as using OpenID directly, but as we don’t have control over OpenID authentication we can’t identify everyone.
If you are interested in following this work feel free to watch this ticket.
um… how do I know if I’m using OpenID or OpenIDConnect?
unless you maintain some kind of service that uses Fedora’s authentication system, you don’t need to worry about this.
@zlopez howdy, any idea how to verify we are using OIDC? We login to Testing Farm via Fedora accont using:
https://api.testing-farm.io/v0.1/login/fedora/
Yes, you are using OIDC.
Basically anything setup in probibly the last 5+ years we would have
asked for OIDC, which would involve some information back and forth and
configuration on both our side and yours.
I checked and we have OIDC setup for you.
I’m happy to look for any other app owners that are unsure…