Advanced login question: OpenID Connect

Hi there :wave:

(see a TL;DR below)

Background

As far as I can tell, I can add a Google account or a GitHub account to my OSM account, in order to alternatively use those to sign in rather than using my password manager with my username & password.

OpenID Connect?

I’ve seen the OpenID Connect option in the sign-in, sign-up, and account-settings views, leading me to believe that OSM isn’t hard-coded to only accept a short list of large companies to federate my login with.

Can I use my own IDP for this? I’m running Zitadel on my own infra, and now I’m asking myself if I can use it to log into my OSM account, instead of using e.g. Google or GitHub.

Prior research

Before asking here, I have read this post from the old forum, and this page in the wiki, yet neither answered my questions.

The OAuth wiki page has some info on “Using OpenStreetMap as identity provider”, but I want to go the other way, i.e. log in to OSM using my own IDP.

Non-questions

For clarity, here are some things I’m not asking:

  • I don’t need an explanation of OpenID Connect, OAuth2, etc.
  • I’m not (currently) interested in writing an app/web client for OSM

TL;DR

(How) can I log into OSM using my own federated login (i.e. “login with GitHub”, but it’s my own OpenID Connect IDP), assuming I have one set up already. Is this possible?


Any help is appreciated, thanks for your time :3

1 Like

No you can’t use your own IDP for this.

That was possible with the original OpenID, but with OpenID Connect things work rather differently and each IDP needs to be explicitly configured with a specific client ID and secret issued by the provider.

1 Like
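To illustrate the point made in the reply above, here is an added example (not OSM’s code, and not from either poster) of the relying-party side of an OpenID Connect login: the application can only start an authorization flow for an issuer for which it already holds a client ID and secret, obtained by registering with that provider beforehand. A user-supplied issuer with no such entry cannot be turned into a valid authorization request. The issuer URLs, client credentials, discovery document and redirect URI are constructed placeholders; a real relying party fetches the discovery document from `<issuer>/.well-known/openid-configuration` and keeps `state`, `nonce` and the PKCE verifier in the user’s session.

```python
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed discovery document for a hypothetical provider; a real relying party
# fetches this over HTTPS from <issuer>/.well-known/openid-configuration.
DISCOVERY_DOCS = {
    "https://idp.example.com": {
        "issuer": "https://idp.example.com",
        "authorization_endpoint": "https://idp.example.com/oauth/v2/authorize",
        "token_endpoint": "https://idp.example.com/oauth/v2/token",
        "jwks_uri": "https://idp.example.com/oauth/v2/keys",
        "code_challenge_methods_supported": ["S256"],
    },
}

# Relying-party configuration: one client_id/client_secret per issuer, issued by
# that provider when the relying party was registered with it. Placeholder values.
REGISTERED_CLIENTS = {
    "https://idp.example.com": {
        "client_id": "rp-client-123",
        "client_secret": "placeholder-secret",
    },
}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def pkce_challenge(verifier: str) -> str:
    """S256 code challenge (RFC 7636) for a code verifier."""
    return _b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def build_authorization_request(issuer, redirect_uri,
                                registry=REGISTERED_CLIENTS,
                                discovery=DISCOVERY_DOCS):
    """Return the authorization URL plus the per-login values the RP must keep in the session."""
    if issuer not in registry:
        # This is where a bring-your-own IdP stops: without a pre-issued client_id
        # for this issuer there is nothing to put in the request.
        raise LookupError(f"no client registered for issuer {issuer}")
    doc = discovery[issuer]
    if doc["issuer"] != issuer:
        raise ValueError("discovery document issuer does not match requested issuer")
    if "S256" not in doc.get("code_challenge_methods_supported", []):
        raise ValueError("provider does not advertise PKCE S256")
    state = secrets.token_urlsafe(32)      # binds the callback to this browser session
    nonce = secrets.token_urlsafe(32)      # must reappear in the ID token
    verifier = secrets.token_urlsafe(64)   # 86 chars, within RFC 7636's 43..128
    params = {
        "response_type": "code",
        "client_id": registry[issuer]["client_id"],
        "redirect_uri": redirect_uri,
        "scope": "openid",
        "state": state,
        "nonce": nonce,
        "code_challenge": pkce_challenge(verifier),
        "code_challenge_method": "S256",
    }
    return {
        "url": doc["authorization_endpoint"] + "?" + urlencode(params),
        "issuer": issuer,
        "state": state,
        "nonce": nonce,
        "code_verifier": verifier,
    }


def validate_callback(pending, callback_params):
    """Check the redirect back from the provider and return the authorization code."""
    if callback_params.get("state") != pending["state"]:
        raise ValueError("state mismatch: possible CSRF or mixed-up login flow")
    if "error" in callback_params:
        raise ValueError(f"provider returned error: {callback_params['error']}")
    code = callback_params.get("code")
    if not code:
        raise ValueError("no authorization code in callback")
    return code


def query_params(url):
    """Decode the query string of an authorization URL into single values."""
    return {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}


if __name__ == "__main__":
    req = build_authorization_request("https://idp.example.com",
                                      "https://rp.example.org/auth/callback")
    print(req["url"])
    try:
        # Hypothetical self-hosted issuer the relying party has never registered with.
        build_authorization_request("https://zitadel.example.net",
                                    "https://rp.example.org/auth/callback")
    except LookupError as exc:
        print("refused:", exc)
```

The registry lookup is the whole point: the provider hands out `client_id` and `client_secret` when the relying party’s operator registers it, so the relying party can only federate with issuers its operator configured. The PKCE and `state` handling is there because a real relying party needs both regardless of which issuer is used.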

Thank you so much for your reply :3

So that means unless someone were to hard-code my client ID & secret into OSM, I cannot do this?

And if so, why does OSM still show the OpenID option in the UI?