Yes that tracks with how OIDC setup works with my other services (you give the container the OIDC links and shared secrets so it knows how to talk to the OIDC and trust it).
This would require configuration with a whitelist of which OIDC IdPs to trust. Otherwise anybody could self-authorise a OIDC token (using their own IdP) and use that to log in.
glizzyguzzler@piefed.blahaj.zone 2 days ago
SinTan1729@programming.dev 3 days ago
Hmm, so that might be out of scope here. But I can try to do some kind of 2FA, shouldn’t be much of an issue, really. It’s just that I never thought a link shortener needed that kind of protection since the links will be shared anyway.
flubba86@lemmy.world 2 days ago
I agree with you, a simple minimal url-shortener does not need 2FA.