Aaron Parecki

#IndieAuth

  • Standardizing the Social Web
    June 22, 2016 11:00am (-0700)
    Portland, Oregon, USA
    Open Source Bridge
    View Slides
    1 mention
    permalink #indieweb #indieauth #micropub #osbridge #activitystreams #w3c #socialwg
  • https://github.com/aaronpk/IndieAuth.com/issues/120#issuecomment-224739992
    Aaron Parecki
    Not that it's your fault, but I think you're starting to confuse the two roles of indieauth.com.

    Role 1) indieauth.com is a service that developers can use to handle all the hard work of doing rel-me-auth with specific providers directly. In this case, the application developer has a trust relationship with indieauth.com and users should not be concerned that they're using indieauth.com, from their POV they are just signing in to the website. This is how the indiewebcamp.com wiki uses indieauth.com.

    Role 2) indieauth.com is a service that users can delegate their domain to. To use indieauth.com this way, the user links to indieauth.com as their `authorization_endpoint` on their domain. In this case, the user has a trust relationship with indieauth.com, and an application discovers the user's auth endpoint by following the rel link on their website. Micropub apps like Quill work this way, where you will only ever see indieauth.com if you have delegated to it yourself.

    Does this help clear things up? In situation 2, you'll only ever see indieauth.com if you explicitly set it as your authorization endpoint. You could use indiecert.net or use your own auth server instead. In situation 1, where a developer has chosen to use indieauth.com instead of implementing authentication themselves, you're limited to the options that indieauth.com has implemented. However the idea is that indieauth.com implements a good number of options and in a secure way, making it a better option for developers than implementing PGP/SMS/GitHub/etc themselves.

    With that in mind, could you rephrase your request in that context?
    Portland, Oregon, USA
    Wed, Jun 8, 2016 3:08pm -07:00 #indieauth
  • https://github.com/aaronpk/IndieAuth.com/issues/120
    Aaron Parecki
    Hm, would you want to delegate to the `pgp` one to prevent any other login mechanisms from being used? One of the nice things about indieauth.com showing multiple options is that depending on the device you're logging in on, you might want to choose a different option. For example I usually use GitHub or GPG login when I'm on my main computer, but use Twitter from my phone.

    I can definitely see value in wanting to limit the options provided by indieauth.com to a subset of the rel-me links on your site. (Maybe I want Twitter listed on my site, but never want to use it for login.)

    What about using the query string to indicate the supported providers?

    `https://indieauth.com/auth?providers=github.com,pgp,sms` etc. In that case, indieauth.com could even present them to you in the order given.

    Similar to https://github.com/aaronpk/IndieAuth.com/issues/112, if only one is set then it could redirect immediately instead of making you click the button, which would be a better user experience.
    Portland, Oregon, USA
    Wed, Jun 8, 2016 2:42pm -07:00 #indieauth
  • New integrated authorization server for p3k

    I just launched an update to p3k which adds an integrated authorization server. This means that now when I sign in to Micropub apps like Quill, it will redirect me to my own server where I can have more fine-grained control over the access I am granting the application.
    continue reading...
    3 likes 1 mention
    Wed, Apr 13, 2016 3:21pm +02:00 #indieweb #p3k #indieauth
  • https://twitter.com/Sneakyness/status/707676786604306433
    Aaron Parecki
    @Sneakyness sounds like you're trying to use the OpenID service? Use openid.indieauth.com as your server and it should work
    Derry Twp, Pennsylvania, USA
    Wed, Mar 9, 2016 1:18pm -08:00 #indieauth
  • https://starseerdrgn.dreamwidth.org/5777.html
    Aaron Parecki
    @starseerdrgn GPG is also supported. The goal is your domain is your identity. The authn mechanism is secondary. Happy to talk more about the motivations behind IndieAuth, since decentralized authentication is absolutely the goal.
    Portland, Oregon, USA
    1 reply
    Mon, Feb 22, 2016 7:58am -08:00 #indieauth
  • Kyle Mahan: silo.pub supports native authentication (kylewm.com)
    silo.pub supports "native" authentication now! #indieweb #micropub
    Mon, Jul 27, 2015 8:36am -07:00 #micropub #indieauth
  • Lukas Rosenstock https://twitter.com/LukasRosenstock   •   Jul 27
    @mxstbr The idea of putting keys on your site fits the #IndieWeb spirit very well, I invite you to present it on @indiewebcamp IRC and wiki.
    Aaron Parecki
    @LukasRosenstock @mxstbr If you link to your PGP key you can sign in to the wiki with your domain! https://indieauth.com/gpg
    Portland, Oregon, USA
    1 like
    Mon, Jul 27, 2015 6:58am -07:00 #indieauth
  • Aaron Parecki
    Today I extended @cweiske's sequence diagram to cover the whole IndieAuth for Micropub flow. Hope it's helpful! More info here: http://indiewebcamp.com/obtaining-an-access-token
    Sun, Jul 26, 2015 12:18pm -07:00 #indieauth #micropub #indieweb
  • Micropub: The Emerging API Standard for IndieWeb Apps
    June 24, 2015 3:45pm (-0700)
    Portland, Oregon, USA
    Open Source Bridge
    View Slides
    1 mention
    permalink #indieweb #indieauth #micropub #osbridge
  • Kyle Mahan https://kylewm.com

    I think this is cool — Working on a version of the IndiePub plugin for @withknown that does its own authorization

    Tue, Jun 2, 2015 8:30am -07:00 (liked on Tue, Jun 2, 2015 8:56am -07:00) #video #indieauth #withknown #screencast
  • https://kylewm.com/2015/06/awesome-thanks-fair-warning-it-s-kind-of-a-proof
    Aaron Parecki
    @kylewmahan Sweet! You should try using JWT for generating the auth codes, so that you don't need to store anything! Basically you generate a signed string with all of the data you need (user, scope, expiration, etc), and that is the auth code. That way you can get the data from the auth code without needing to look anything up in the database. Check out how my token endpoint does it:

    https://github.com/aaronpk/IndieAuth-Token-Endpoint/blob/master/controllers/controller.php#L52

    https://github.com/aaronpk/IndieAuth-Token-Endpoint/blob/master/controllers/controller.php#L100

    There's more background on this concept here: http://lucumr.pocoo.org/2013/11/17/my-favorite-database/
    Portland, Oregon, USA
    Tue, Jun 2, 2015 8:56am -07:00 #indieauth
  • Aaron Parecki
    Happy to say https://indieauth.com is now running on 3 physically separate servers behind DNS load balancing!

    Took quite a bit of refactoring to make the three servers not require a shared backend. Lots of taking advantage of storing state "on the wire" rather than in a database. If you notice any weirdness or glitches, definitely let me know!

    If you'd like to volunteer a server to help share the load, let me know. It requires Nginx, Ruby, Redis and Memcache.
    Portland, Oregon, USA
    19 likes 3 reposts 2 replies
    Sun, May 31, 2015 10:03pm -07:00 #indieweb #indieauth
  • I wanted to comment on a Blogspot post as +ManabaseCrafter.  Blogspot offers… (plus.google.com)
    So I thought, this morning, "I'll add a gem to http://manabasecrafter.com to act as an OpenID server." But all the gems are obsolete. Then I thought "Didn't I use something called MyOpenID at one point?" They've closed. Then I thought "Didn't Google offer one?" They discontinued it last month. Then I thought "I'll do it the dumb way and just use the WordPress plugin that does it on a dummy site." That plugin is no longer supported and incompatible with the current version of WordPress. Then I thought "I'll try it in raw PHP." There is apparently one working library, and all they offer is an example server "to give you an idea of how to write your own implementation."
    Sat, May 16, 2015 7:40pm -07:00 #openid #indieauth
  • Joshua McGee http://eclecticquill.com
    Thanks for making my life easier today, @Indie_Auth. My woeful #OpenID tale: http://mcg.ee/iaus

    #indieauth #indieweb
    Sat, May 16, 2015 6:37pm -08:00 (liked on Sat, May 16, 2015 7:39pm -07:00) #OpenID #indieauth #indieweb
  • *RECURSION* https://rhiaro.co.uk
    Three very first websites up after day 1 of @Prewired #MakerWeek. So tomorrow I'll have the kids set up #indieauth?
    Mon, Apr 13, 2015 4:06pm +00:00 (liked on Mon, Apr 13, 2015 9:07am -07:00) #MakerWeek #indieauth
  • Re: Proposed Changes to IndieAuth Protocol

    This is a reply to fkooman's proposed changes to IndieAuth protocol.
    continue reading...
    Thu, Mar 5, 2015 10:00am -08:00 #indieauth #indieweb
  • Shane Becker Ⓐ🏴 http://veganstraightedge.com
    I'm much better at products than protocols. I'm so thankful that people like @aaronpk (& several others) designed #indieauth and #micropub.
    Sat, Jan 17, 2015 6:07pm -08:00 (liked on Sun, Jan 18, 2015 5:50pm -08:00) #indieauth #micropub
  • Indie web building blocks (adactio.com)
    Tue, Oct 21, 2014 11:47am -07:00 #indieweb #tutorial #indieauth #micropub #webmention
  • https://twitter.com/franatique/status/523121262168899584
    Aaron Parecki
    @franatique It supports SMS, email (via Persona), and now GPG auth: https://indieauth.com/gpg
    Nürnberg, Bayern, DEU
    Fri, Oct 17, 2014 4:43pm +02:00 #indieauth

Hi, I'm Aaron Parecki, Director of Identity Standards at Okta, and co-founder of IndieWebCamp. I maintain oauth.net, write and consult about OAuth, and participate in the OAuth Working Group at the IETF. I also help people learn about video production and livestreaming. (detailed bio)

I've been tracking my location since 2008 and I wrote 100 songs in 100 days. I've spoken at conferences around the world about owning your data, OAuth, quantified self, and explained why R is a vowel. Read more.

  • Director of Identity Standards at Okta
  • IndieWebCamp Founder
  • OAuth WG Editor
  • OpenID Board Member

© 1999-2025 by Aaron Parecki. Powered by p3k. This site supports Webmention.
Except where otherwise noted, text content on this site is licensed under a Creative Commons Attribution 3.0 License.