by paxys 1568 days ago
The author's complaint is really against authentication in general rather than SSO. Different sites and services have always and will always use their own authn/authz methods, simply because it isn't a generic problem that can be abstracted away. You can outsource parts of it (show the user a username/password form, validate credentials, verify email, check 2FA) which is what all these SSO providers aim to do.

Also the examples they mention are all just badly configured applications, which can easily be fixed.


Same - I sign in once and all the other apps are a click away.

From the author's gifs, it looks like their SSO is set up incorrectly AND being incorrectly used. The 1st gif is really bad; the subsequent ones are more typical SSO setups.

Also, this blog article is an ad for Teleport. Given their flawed premise, … yeah.

I think it could be a generic problem that's abstracted away, but you have to absorb identity into the stack at the OS level.

For a centralized authoritarian example of this you can consider WeChat. Unified API and auth layer that supports lots of different applications from one auth service that's used for basically everything.

In the decentralized world there have been attempts to do this as hacks on the existing web (stuff like OpenID), but they can't really succeed on the current stack. The Urbit OS is an attempt to solve these types of issues by boiling the ocean, and in doing so this is one of the issues that gets fixed.

I agree; honestly, something like public key auth built into the browser seems great to me! I use a single ssh key to log in to multiple servers, I don't have to rely on a central authority to identify me, and anyone can remove my access by just removing my public key.