Availability of OpenID Connect in hosted plans

This is just a clarification question.

I have started running discourse locally, following the docker instructions
I can see the options for setting up login with google but none of the options described in the OpenID Connect plugin?
The plugins listing suggests all OAuth options only are available on the business plan.

My question is

  • Are the standard plugins (listed here) the same as the ones bundled in the docker distribution?
  • If so, are you supporting lock-in OAuth options like Google, before open standards like OpenID Connect

That’s right. As per OpenID Connect Authentication Plugin, you’ll need to install the GitHub - discourse/discourse-openid-connect: Allows an OpenID Connect provider to be used as an authentication provider for Discourse plugin.

Some functionality is a part of Discourse (core) and is included in the base Docker image. The rest of it (OpenID Connect, custom Oath2 and other plugins) can be added through our 100% free and open source official plugins by following Install Plugins in Discourse. When you’re self-hosting, you can install any plugins (regardless of tier) because they are all available here on Meta and are open source.

2 Likes

Good to know. I’m only running on docker for some local experiments. I would choose the hosted option going forward. So I don’t think that quite answers the question of do you need to pay the Business level to use OpenID Connect on a hosted option.

Yes, that is also correct as per Plugin directory | Discourse - Civilized Discussion.

2 Likes

I will comment that I find this situation not quite palatable.

Having to pay more to use an open standard instead of a propriety integration with one of a limited set of selected companies reinforces their monopoly position.

Even more annoying because some of those services also support OpenID Connect.

https://accounts.google.com/.well-known/openid-configuration

p.s. I work on an alternative identity provider https://did.app so am invested in promoting OpenID. However, I was looking into discourse for a potential customer they would be on our free tier (less than 1000 active users) yet to use it with hosted discourse will cost them too much.
I guess they will either self host, a shame because I used hosted before and liked it, or use something else.

Is there any possibility that openid could be available at the same level as propriety integrations?

Look at it from the other side for a moment, consider what you’re asking.

Hosting companies offer lower tier packages with the most popular plugins because they’re an easy sell, and consistency across thousands of client instances lowers support costs. They aren’t creating each instance by hand, automation takes care of everything.

The functionality you’re referring to above isn’t even a plugin, Log in with Google and Facebook Login are standard features of core, and have been for years, because they’re both so widely used.

Then consider the OpenID plugin which was first published about ~15 months ago. It wouldn’t make sense to arbitrarily install into tens of thousands of environments, because only a minute fraction of customers will utilise it. Doing so would complicate those installations, and cause each install to use fractionally more resources, increasing the support and operating costs for that tier of service.

Nobody is making you pay more to use an open standard, that’s a dramatic misrepresentation of the situation. Nobody is making you pay anything here, anyone is free to follow the Standard Installation on a $5 DigitalOcean droplet and install the plugin yourself. The uplift in cost is to cater for more complexity, more resources and the associated higher support costs of both.

This is the crux of the problem, OpenID is still ‘small’ compared to more recognizable providers. You want OpenID to be treated as top tier, because it helps the strategy of your employer, but doing so prematurely undermines the strategy of every hosting provider out there.

You do have a choice in this situation, if you think a lower end hosting package with OpenID as standard is a compelling option then why not offer to host it yourselves?

Conversely, if you don’t want to, why would you expect anyone else?

p.s. I’ve worked with education customers in the UK for about ~12 years now. OpenID popped up on our radar in 2014 and I’ve seen some sites use it to huge success. I still wouldn’t advocate for it to be integrated into smaller communities, because it just doesn’t suit those groups. Maybe did.app can change that, but expecting providers to roll out the red carpet isn’t going to get you any close to that particular goal.

1 Like

Look at it from the other side for a moment, consider what you’re asking.

I wasn’t trying to be confrontational in my point of view.

The functionality you’re referring to above isn’t even a plugin, Log in with Google and Facebook Login are standard features of core, and have been for years, because they’re both so widely used.

This is the thing I find disagreeable with the internet in general, the pervasiveness of these over reaching services. I completely understand how discourse has reached this point, just wanted to ask about the possibility or OpenID reaching the same level as the others, and will accept never as an answer.

My suspicion is that the current situation will one day, perhaps already does, fall foul of anti competition laws. Not something that an opensource project needs to think about but likely companies offering paid hosting options will.

However this is not a point that I want to lean on, and it’s not one that will resolve in the near term or in a forum thread.

Nobody is making you pay more to use an open standard, that’s a dramatic misrepresentation of the situation. Nobody is making you pay anything here, anyone is free to follow the Standard Installation on a $5 DigitalOcean droplet and install the plugin yourself.

This is a slightly tangential point.
I liked the hosted option, I previously used discourse hosted for a project. We used SSO integration and everything worked well.
I was in the process of recommending hosted discourse to a completely non technical audience, who probably hasn’t even heard of Digital Ocean, saying definitely worth the $100 per month as they get started. Sure it’s always possible to self host but they don’t want to and honestly I liked it being the way I supported discourse.

As mentioned, totally understand the current position, can worth with it.

But isn’t that where providers like DiscourseHosting come in? Their hosted product is a little different, and their Professional plan which starts at $40/month allows additional ‘well known’ plugins.

That’s… incredibly unlikely. If the demand was there then someone would be meeting it.

To a certain extent with open source that’s the whole point.

1 Like