Hi folks,

I’m seeing there are multiple services which externalise the task of “identity provider” (e.g. login with Facebook, Google or whatnot).

In my case, I am curious about Tailscale, a VPN service which allows one to choose an identity provider/SSO between Google, Microsoft, GitHub, Apple and OIDC.

How can I find out what data is actually communicated to the identity provider? Their task should simply be to decide whether I am who I claim to be, nothing more. But I’m guessing there may be some subtleties.

In the case of Tailscale, would the identity provider know where I’m trying to connect? Or more?

Answers and insights much appreciated! The topic does not seem to have much information online.
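The OP’s first question (what does the identity provider actually receive?) can be answered by inspecting the login exchange from your own browser: the OIDC authorization request is the URL the service redirects you to, and every field in it is what the provider learns at login time. The script below is an added example, not code from Tailscale or from any identity provider; the client ID, URLs, scopes and ID token it parses are constructed samples, and the “scopes beyond plain login” threshold (openid + email) is a judgement call, not a standard.

```python
"""Inspect an OpenID Connect login from the user's side.

Added example, not code from Tailscale or from any identity provider.
The relying party (RP) name, URLs and token contents below are all
constructed for illustration.
"""
import base64
import json
from urllib.parse import parse_qs, urlparse

# Constructed sample: the URL an RP redirects the browser to for login.
# Every parameter here is visible to the IdP; nothing else about the RP
# session (for a VPN, which peers you later talk to) travels in it.
SAMPLE_AUTH_REQUEST = (
    "https://idp.example.com/authorize"
    "?response_type=code"
    "&client_id=example-vpn-control-plane"
    "&redirect_uri=https%3A%2F%2Fvpn.example.com%2Fcallback"
    "&scope=openid%20email%20profile"
    "&state=af0ifjsldkj"
    "&nonce=n-0S6_WzA2Mj"
    "&claims=%7B%22id_token%22%3A%7B%22email_verified%22%3Anull%7D%7D"
)

# Standard OIDC/OAuth2 authorization-request parameters we expect to see;
# anything else is worth a closer look.
KNOWN_PARAMS = {
    "response_type", "client_id", "redirect_uri", "scope", "state", "nonce",
    "code_challenge", "code_challenge_method", "prompt", "login_hint",
    "claims", "acr_values", "display", "max_age", "ui_locales",
}


def parse_auth_request(url: str) -> dict:
    """Summarise what the IdP learns from the authorization request."""
    parsed = urlparse(url)
    params = {k: v[0] for k, v in parse_qs(parsed.query).items()}
    return {
        "idp_endpoint": f"{parsed.scheme}://{parsed.netloc}{parsed.path}",
        "client_id": params.get("client_id"),        # names the RP (the VPN service)
        "redirect_uri": params.get("redirect_uri"),  # where the browser is sent back
        "flow": params.get("response_type"),
        "scopes": params.get("scope", "").split(),   # what the RP asks the IdP to release
        "extra_claims": json.loads(params["claims"]) if "claims" in params else {},
        "unexpected_params": sorted(set(params) - KNOWN_PARAMS),
    }


def scopes_beyond(summary: dict, needed=frozenset({"openid", "email"})) -> list:
    """Scopes requested beyond a bare 'who are you' login. Judgement call:
    an RP that only needs a stable identity gets by with openid + email."""
    return sorted(set(summary["scopes"]) - set(needed))


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


# Constructed sample ID token: what the IdP hands back about you. The
# signature segment is a placeholder; a real RP verifies it against the
# IdP's published JWKS before trusting any claim.
SAMPLE_ID_TOKEN = ".".join([
    _b64url(json.dumps({"alg": "RS256", "kid": "example"}).encode()),
    _b64url(json.dumps({
        "iss": "https://idp.example.com",
        "sub": "248289761001",
        "aud": "example-vpn-control-plane",
        "email": "alice@example.com",
        "email_verified": True,
        "exp": 1700000000,
    }).encode()),
    "placeholder-signature",
])


def decode_id_token_claims(id_token: str) -> dict:
    """Decode (without verifying) the ID token payload to see what the IdP
    returned to the RP. Inspection only; never use this for authentication."""
    _header, payload, _signature = id_token.split(".")
    return json.loads(_b64url_decode(payload))


if __name__ == "__main__":
    summary = parse_auth_request(SAMPLE_AUTH_REQUEST)
    print(json.dumps(summary, indent=2))
    print("scopes beyond plain login:", scopes_beyond(summary))
    print("claims returned by IdP:", decode_id_token_claims(SAMPLE_ID_TOKEN))
```

To use this on a real login, copy the URL from the address bar (or the browser devtools network tab) at the moment the service redirects you to the provider and pass it to `parse_auth_request`. Two caveats: the provider additionally sees your browser’s IP address and headers, and the service’s back-channel call that exchanges the authorization code for tokens; and what the service does with the returned identity afterwards (for a VPN, which nodes you reach) is outside the OIDC exchange entirely, so the provider does not learn it through the protocol.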

  • exuA · 6 upvotes · 3 months ago

    You can self-host your identity provider and use OIDC to connect Tailscale. I myself use Authentik; a more established alternative in enterprise is Keycloak.

    • The Hobbyist@lemmy.zip (OP) · 4 upvotes · edited · 3 months ago

      Do you use Authentik specifically with Tailscale? That’s interesting, indeed I would definitely want that. I was under the impression that it required something like Headscale, but it seems not to be the case. Thanks!

      Edit: minor edit.

      • exuA · 1 upvote · 3 months ago

        I use Headscale, but I think I read somewhere that Tailscale allows custom OIDC providers now.

    • eagertolearn@discuss.tchncs.de · 1 upvote · 3 months ago

      Can I ask how you set Authentik up for Tailscale? I tried that but got stuck with the WebFinger step. I can’t wrap my head around that.