20:09 <jfred> Hmm... you know, I wonder if there's a simple OIDC IdP out there that could be run as a Sandstorm app

20:09 <jfred> those always feel way overly complex to set up

20:13 <ocdtrekkie> Like so a Sandstorm server could serve it's own identity provider as an app?

20:14 <ocdtrekkie> That might be a reasonable end run around Sandstorm's default preference not to manage authentication, provided we are offering such an app that we find trustworthy.

20:34 <jfred> ah I wasn't even thinking something that involved, just a simple IdP in general for external apps to use - though integrating it with sandstorm's auth might be interesting too

20:39 <jfred> mostly just because if you want an OIDC IdP to use with other apps your options are like... one of the proprietary cloud-hosted ones, Keycloak (the setup process for which is a bit intimidating), Gluu (which is maybe a bit less intimidating but still not Sandstorm-easy)... etc

20:55 <ocdtrekkie> I just know that since Sandstorm itself supports OIDC, assuming you had at least one admin with email login to set it up, you could probably do something crazy like turn around and use such an app to manage Sandstorm logins too, lol.

21:33 <jfred> I'm always afraid of chicken-and-egg problems when you do stuff like that but it *might* be fine :P

22:07 <Aziraphale> like making DNS depend on NFS that depends on DNS

22:07 <Aziraphale> don't ask me how I know