[paulmd]

Spam would be significantly lessened with a centralized IDP like Google or Facebook to gate the accounts. You can get that aspect of Reddit without needing the full squeeze of the actual content being centralized on their platform too.

The workflow here looks like "you log in with your cloud account and then you create a new username for the forum". Doesn't have to be posting with real names or anything.

This also gets you much closer to a "reddit-like" low-friction user onboarding experience. It's not quite one click but it's like, two clicks and typing in a username. No password management etc, which is of course much simpler from a security perspective too.

I have seen a few sites do it and my initial response was "what? no." but like, you're already accepting a "cloud IDP" in reddit anyway, and there's massive advantages from the dev side. No passwords being stored, much lower friction to signup, etc - you just need the users to buy into the idea.

[jraph]

But please don't make me create a Google, Facebook or Microsoft that all come with arbitrary ToS, auth schemes, tracking, blocking that would cause me to lose access to the forum and absence of support. Please accept custom OpenID providers.

[paulmd]

If spammers can just create their own provider, that would kind of remove the point of having IDPs act as a spam gate.

That's not a firm "no" but like, you are transferring the user-reputation problem into an IDP-reputation one, so allowing arbitrary IDPs is not going to work. If you allow federated ones, you need some whitelist or reputation network of which federated IDPs are the good ones.