I am working on an application that has a custom portal, Grafana (for graphs), and a Discourse forum for support. There is a desire for single sign-on (SSO), that is, for users to have a single username/password throughout the system. This is certainly a reasonable request: it is a pain to manage multiple accounts.

The prevailing way to implement this is to use OAuth, but how do we implement OAuth? Typically this requires another service that the existing applications talk to. Now we have another service to run or outsource, and a network between the auth service and the existing user-facing applications. Additionally, OAuth is hard to get right.

What if, instead, we simply synchronize the user and auth information to the other two applications whenever it changes in the portal? Then we still have the same usernames and passwords everywhere, but the applications remain decoupled and continue to run stand-alone rather than being tethered to another service. Perhaps standards could be created for synchronizing user/group/auth information: like OAuth, but distributed and synchronized instead of a service that everyone uses.

This is similar to other movements we see:
- local first data (every instance has a local SQLite database)
- sync files instead of sharing them (Syncthing)
Obviously, this does not scale to every application, but for many systems where the dataset is not huge, syncing instead of sharing can be much simpler, faster, more reliable, and easier to implement.
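
One way the synchronization proposed above could work, added here as an example and not taken from the portal, Grafana or Discourse: the portal pushes an HMAC-authenticated user record (carrying a password hash, never the plaintext) to each application, which rejects tampered or replayed updates and then checks logins against its own local copy. The shared key, the record fields, the PBKDF2 parameters and all function names are assumptions; the real applications store passwords in their own formats.

```python
import hashlib, hmac, json, os

def hash_password(password, salt=None):
    """Portal side: salted PBKDF2 hash, so the plaintext is never synced."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)
    return salt.hex() + "$" + digest.hex()

def make_event(key, seq, username, email, password):
    """Portal side: build a sync record and authenticate it with HMAC-SHA256."""
    body = json.dumps({"seq": seq, "username": username, "email": email,
                       "pw": hash_password(password)}, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}

def apply_event(store, key, event):
    """Receiver side: verify the tag, reject replays, then upsert locally."""
    expected = hmac.new(key, event["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, event["tag"]):
        return "rejected: bad tag"
    rec = json.loads(event["body"])
    current = store.get(rec["username"])
    if current and rec["seq"] <= current["seq"]:
        return "rejected: stale or replayed"   # an old password must not come back
    store[rec["username"]] = rec
    return "applied"

def verify_login(store, username, password):
    """Receiver side: authenticate against the local copy, no network call."""
    rec = store.get(username)
    if rec is None:
        return False
    salt_hex = rec["pw"].split("$")[0]
    candidate = hash_password(password, bytes.fromhex(salt_hex))
    return hmac.compare_digest(candidate, rec["pw"])

def demo():
    key = b"constructed-shared-sync-key"    # constructed sample key (assumption)
    grafana_users, forum_users = {}, {}     # stand-ins for each app's user table
    first = make_event(key, 1, "alice", "alice@example.com", "old-pass")
    second = make_event(key, 2, "alice", "alice@example.com", "new-pass")
    results = [apply_event(s, key, e) for e in (first, second)
               for s in (grafana_users, forum_users)]
    results.append(apply_event(forum_users, key, first))      # replayed old record
    forged = dict(second, body=second["body"].replace("alice@", "mallory@"))
    results.append(apply_event(grafana_users, key, forged))   # altered in transit
    return (results, verify_login(forum_users, "alice", "new-pass"),
            verify_login(forum_users, "alice", "old-pass"))
```

The per-user sequence number is what keeps a delayed or replayed record from restoring an old password after a change; a receiver that was offline simply applies the latest record when it reconnects.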