Aaron Parecki

That's for the final profile URL. The user can enter something different at the start, and if that contains a username component then the trick works.

take a look at my activitypub conference talk, starting at 11:50, I address the UX aspect of it here: https://aaronparecki.com/2020/09/22/25/activitypub-oauth-2-1#t=710

also happy to set up a time to chat about this instead! I think we have a lot of similar goals!

nobody said "force". my goal is to *enable* indie identities, something that is pretty much completely glossed over by the current OIDC ecosystem.

ah yes, the "this is the first I've heard about it" argument sure is a solid one

I appreciate the commitment to prove this with a photo and am also very curious about what's in your bookmark toolbar and open tabs

*deal maker. agreed.

I always assumed that was already the case. Is it not?

Email addresses *are* domain-based auth. I think you’re conflating two different parts of the system. In IndieAuth, the canonical user identifier doesn’t have to be the thing the user enters in a login prompt. This is also true for almost every other authentication system.

To be clear, I’m not sure this is a *good* idea, and it also requires a bit of code running at the web server of the root domain, but it does work.

As a client developer you have to: 1) follow the spec by assuming “http” if no scheme is entered, and 2) allow the user-entered URL to contain a username component.

I’ll admit it’s a bit of a “hack”. The trick is “aaron@parecki.com” is a URL because if you assume the http scheme then you get http://aaron@parecki.com which is a username but no password with HTTP basic auth. The server can switch what it returns based on that username.

This one I’m really confused on, and we should probably chat about it to clear things up. IMO OIDC is more of a barrier here because the default is that clients need to register. With IndieAuth there is no expectation of client registration at all.

There is no obligation that you have to register your own domain for IndieAuth to work. I’ve talked about this at ActivityPub Conference showing how they can use IndieAuth to enable a standards-based app ecosystem for ActivityPub/Mastodon apps. That of course uses shared domains.

so it turns out this works. I can type in “aaron@parecki.com” in an indieauth prompt and it works. because that is a URL.

a side benefit of not owning a car is being able to completely ignore these without even a second thought 😂

I use Unifi cameras cause the whole thing runs locally and records to a pile of hard drives in my closet

woo welcome to the verified-without-a-lot-of-followers-club 🎉

yeah exactly, and users of this CMS are going to care exactly zero what fancy tech it's built with, so it's more important that it works well than it's built with the latest JS framework or the blockchain or whatever sorry do I sound bitter? 😇

probably still PHP + MySQL, likely using Laravel, but a server-rendered UI with maybe a hint of javascript for some nice interactions. I'm old.

nice greenscreen setup too!