mirror of
https://github.com/pocket-id/pocket-id.git
synced 2025-12-09 23:02:59 +03:00
🚀 Feature: Support Webfinger #484
Originally created by @salty2011 on GitHub.
Feature description
Liking the tool so far,
Was attempting to set up with Tailscale, however it required a WebFinger URL for the OIDC to be
https://${domain}/.well-known/webfinger
Reference URL https://tailscale.com/kb/1240/sso-custom-oidc
Would it be possible to add this capability?
Pitch
It would seem that some services that support OIDC require this to be set up as part of the setup process
@kmendell commented on GitHub:
@Sumtin you would be correct; however, the simple and easy to use aspect of the mission of Pocket ID doesn't necessarily include every small aspect/use case, if that makes sense. In this case WebFinger is only used for Tailscale setup from what I understand, and then it's not used again and it does pertain to authentication directly for 'most' OIDC aspects.
Let me know if that clears stuff up :)
@Sumtin commented on GitHub:
Hey @kmendell, thanks for taking the time to reply. I have a pretty basic understanding of OIDC to be honest, which is why I'm using Pocket ID in the first place. It was stupid simple to set up and the one app I've integrated with (Immich) is working very well. I have even less knowledge of WebFinger; literally just learned of its existence today lol.
That said, it seems like many (all?) of the major self-hosted OIDC IDP offerings support the WebFinger standard, which led me to submit the feature request. Since it's an RFC standard I'm assuming it's used by more than just Tailscale, but could be wrong. The Tailscale docs list 18 different OIDC IDPs that support their implementation of WebFinger:
https://tailscale.com/kb/1240/sso-custom-oidc#additional-provider-configurations
While this WebFinger thing may not be "something to do with authentication directly", it does seem like a fairly common component of the OIDC landscape.
Cheers.
@Sumtin commented on GitHub:
Requiring users to spin additional services simply to use Pocket ID as their IDP contradicts the "mission" of Pocket ID, imo. Especially considering this trivial implementation of an RFC'd standard.
@kmendell commented on GitHub:
@Sumtin I guess I'm not sure I see the benefit of adding WebFinger support, since it's such a short-lived endpoint, it's only used during setup, and the only service I know that uses it (that I know of, of course) is Tailscale. I'll have to defer to @stonith404 but I think he agrees with this statement.
@stonith404 commented on GitHub:
This doesn't make sense to implement into Pocket ID as it doesn't have something to do with authentication directly.
But you can just spin up a WebFinger service like go-finger for the setup, and when you're done with the setup you can delete it again.
@Sumtin commented on GitHub:
Appreciate you keeping us in mind! Still not working for me, but better than nothing. :)
@kmendell commented on GitHub:
Hey everyone, Tailscale dropped a video on Pocket ID and included is how to set up the WebFinger endpoint :) https://www.youtube.com/watch?v=sPUkAm7yDlU
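For reference, a minimal stand-alone responder for the `/.well-known/webfinger` endpoint discussed in this thread, returning the OpenID Connect Discovery issuer link. This is an added example, not code from Pocket ID, go-finger or any commenter. The domain `example.com`, the issuer URL `https://id.example.com` and the function names are assumptions; it answers only `acct:` resources in the one allowed domain and returns 404 for everything else, so it does not vouch for an issuer on behalf of other domains.

```go
package main

import (
	"encoding/json"
	"log"
	"net/http"
	"strings"
)

// Assumed values for illustration: your e-mail domain and your Pocket ID base URL.
const (
	allowedDomain = "example.com"
	issuerURL     = "https://id.example.com"
	issuerRel     = "http://openid.net/specs/connect/1.0/issuer"
)

type link struct {
	Rel  string `json:"rel"`
	Href string `json:"href"`
}
type jrd struct {
	Subject string `json:"subject"`
	Links   []link `json:"links"`
}

// lookup returns the JRD for an acct: resource in allowedDomain, or false.
func lookup(resource string) (jrd, bool) {
	acct := strings.TrimPrefix(resource, "acct:")
	at := strings.LastIndex(acct, "@") // last "@" so "a@example.com@other" is rejected
	if acct == resource || at <= 0 || !strings.EqualFold(acct[at+1:], allowedDomain) {
		return jrd{}, false
	}
	return jrd{Subject: resource, Links: []link{{Rel: issuerRel, Href: issuerURL}}}, true
}

func webfinger(w http.ResponseWriter, r *http.Request) {
	doc, ok := lookup(r.URL.Query().Get("resource"))
	if !ok {
		http.NotFound(w, r) // unknown, foreign or malformed resource
		return
	}
	w.Header().Set("Content-Type", "application/jrd+json")
	json.NewEncoder(w).Encode(doc)
}

func main() {
	http.HandleFunc("/.well-known/webfinger", webfinger)
	log.Fatal(http.ListenAndServe("127.0.0.1:8080", nil))
}
```

It listens on loopback only and is meant to sit behind the reverse proxy that already terminates TLS for the domain.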