
Secure Networking with Tailscale and Custom OIDC Integration

Blog post from Tailscale

Post Details
Author: Charlotte Brandhorst-Satzkorn and Tom D'Netto
Word Count: 1,577
Summary

Tailscale has introduced a beta feature allowing users to integrate any OpenID Connect (OIDC) compliant identity provider, expanding beyond the previously limited set of providers such as Google, Okta, GitHub, and Azure AD. This enhancement requires a WebFinger endpoint on the authentication domain for identity discovery and administrative verification. The blog post humorously explores creating a non-compliant, mock identity provider to test the OIDC integration, emphasizing the complexities of implementing the OAuth 2.0 and OIDC specifications. Despite the lighthearted approach, the authors caution against using a homemade IdP due to security concerns, recommending established solutions like Keycloak, Dex, or Ory for those who need to host their own IdP.