Aaron Parecki

#IndieAuth

  • Dropping Twitter Support on IndieAuth.com

    I've made the difficult decision to drop support for Twitter authentication on IndieAuth.com. Some time last week, Twitter rolled out a change to the website which broke how IndieAuth.com verifies that a website and Twitter account belong to the same person.
    continue reading...
    2 likes 3 replies 3 mentions
    Sun, May 27, 2018 5:01pm -07:00 #indieauth #indielogin #twitter
  • Tantek Çelik http://tantek.com/
    hosting Homebrew Website Club SF tonight @MozSF!
    RSVP http://tantek.com/2018/080/e1

    Special guest @aaronpk will demo his #IndieWeb reader setup!
    https://aaronparecki.com/2018/03/12/17/building-an-indieweb-reader built on #openweb standards #WebSub #Microsub #microformats2 #IndieAuth #MicroPub #Webmention #Webhooks
    San Francisco, California • 64°F
    Wed, Mar 21, 2018 11:24am -07:00 (liked on Wed, Mar 21, 2018 6:59pm -07:00) #IndieWeb #openweb #WebSub #Microsub #microformats2 #IndieAuth #MicroPub #Webmention #Webhooks
  • Marty McGuire https://martymcgui.re/

    Micropub for a static Neocities website

    Portland, Oregon • 60°F
    Mon, Mar 12, 2018 1:04pm -04:00 (liked on Mon, Mar 12, 2018 10:33am -07:00) #IndieWeb #ghostparty #glitch #neocities #micropub #IndieAuth
  • OpenID Connect Federation – notiz.Blog (notiz.blog)
    Wed, Feb 14, 2018 12:53pm -08:00 #openid #oauth #indieauth
  • IndieAuth-Client-PHP 0.3.1

    This release includes two new methods for quickly developing an IndieAuth client.
    continue reading...
    2 replies 1 mention
    Wed, Feb 7, 2018 11:30am -08:00 #indieauth #indieweb
  • WebSub and IndieAuth Published on w3.org!

    Today, we published the last of the two W3C specs I am editing! WebSub was published as a W3C Recommendation, and IndieAuth was published as a Working Group Note.
    continue reading...
    22 likes 23 reposts 1 bookmark 7 replies 5 mentions
    Tue, Jan 23, 2018 6:28pm -08:00 #websub #indieauth #w3c #standards
  • Zegnat https://github.com/Zegnat   •   Jan 3

    #12 Specify RelMeAuth as fallback.

    Aaron Parecki

    This spec intentionally doesn't specify how users authenticate themselves to their server; it only deals with how third-party clients can authenticate users where their domain name is their identity.

    The analogous version of this in RelMeAuth, with Google as an example, is such: as far as the RelMeAuth client is concerned, it sends the user over to Google, and expects Google to handle authenticating the user. This might involve entering their password, optionally followed by a 2fa mechanism like a Yubikey or TOTP code. That is all invisible to the site they're logging in to.

    Similarly, IndieAuth clients do not know how users authenticate to their own server; the client just expects to send them off to the authorization endpoint and get back a response later that can be verified.

    It is not a good idea for a spec to require any sort of authentication mechanism between the user and their own authorization server, which is something that the OAuth 2.0 spec has also made clear.

    Now, the rest of this conversation is essentially continuing the naming debate of indieauth.com vs IndieAuth the spec vs other options we've considered.

    I agree with many of @tantek's points, like

    ... should be it "just works" even if you only setup rel=me

    However, that is describing RelMeAuth, not this spec. And as @Zegnat pointed out, even just adding rel=me isn't necessarily going to guarantee that you can sign in to an arbitrary site that supports RelMeAuth, since you need to add a rel=me link to a service that the site you're signing in to supports, which requires that site to register an OAuth application and deal with that service's API.

    I'm in the middle of renaming indieauth.com; the goal is that the wiki will redirect users to indielogin.com to authenticate them using the existing mechanisms: RelMeAuth, email, PGP, and IndieAuth. Nowhere in that flow will users see the term "IndieAuth" unless they include a rel=authorization_endpoint link on their website to an IndieAuth server of their choosing.

    I definitely agree that signing in to the wiki needs to be as simple as possible. That's the reason I added so many OAuth providers as well as alternate methods to indieauth.com (soon indielogin.com) in the first place. We've even had some people who want to sign in to the wiki but don't have a Twitter or GitHub account and don't want one, which is why I added things like email and PGP authentication options, which were not described by RelMeAuth.

    This is all to say that it's not the goal of this spec to include RelMeAuth. This spec is intended to be just the URL-based extension to OAuth 2.0. If "IndieAuth" is not the right name for this spec, that's a different issue.

    San Jose, California, USA • 52°F
    Wed, Jan 3, 2018 9:16am -08:00 #indieauth
  • Announcing the IndieAuth Spec!

    It's been a long time coming, but I've finally published a proper IndieAuth spec!
    continue reading...
    2 likes 1 reply 3 mentions
    Tue, Dec 5, 2017 12:30pm -08:00 #indieweb #indiewebchallenge #indieauth #oauth2 #oauth
  • William Narmontas https://www.scalawilliam.com/   •   Jul 8
    Number of sign-ins per month since 2012. If that info is not available, then just monthly number of hits on the site until now would suffice
    Aaron Parecki
    @scalawilliam That'll work!
    Portland, Oregon, USA
    2 likes
    Fri, Jul 7, 2017 9:04pm -07:00 #indieauth
  • William Narmontas http://www.scalawilliam.com
    #IndieAuth is SO MUCH easier than OAuth! https://indieauth.com/developers
    No secret keys, etc, etc. Works against localhost!
    Portland, Oregon
    Sun, Jun 11, 2017 12:34am +00:00 (liked on Sat, Jun 10, 2017 8:43pm -07:00) #IndieAuth
  • Aaron Parecki
    Getting a head start on IndieWebCamp Nürnberg on the train with @sebsel, editing wiki pages about IndieAuth and indieauth.com
    Heigenbrücken, Bayern, DEU
    3 likes
    Wed, May 17, 2017 1:06pm +02:00 #indieauth #indiewebcamp
  • Greg McVerry http://jgregorymcverry.com/   •   Mar 23
    we were looking at indieauth to include in thimble but passportjs warns folks not to use: http://bit.ly/2ns1xSV still true? #indieweb
    Aaron Parecki
    @jgmac1106 I don't know the state of that plugin, but you could just do it manually: https://indieauth.com/developers or https://indieweb.org/indieauth-for-login
    Portland, Oregon, USA
    Thu, Mar 23, 2017 10:13am -07:00 #indieauth
  • Day 86: Updating IndieAuth Docs #100DaysOfIndieWeb

    Beginning a slow project of updating the docs about the IndieAuth spec, today I started by updating a few pages on the wiki. Right now, most of the docs about IndieAuth (the spec), and how to use it, live across a variety of pages on the wiki, grouped together at https://indieweb.org/Category:IndieAuth.
    continue reading...
    1 like 1 reply 2 mentions
    Thu, Mar 16, 2017 5:22pm -07:00 #100daysofindieweb #micropub #indieauth #oauth2
  • Day 81: Removing SMS and Clef from IndieAuth.com #100DaysOfIndieWeb

    Sadly, Clef is shutting down in a couple months. If you haven't heard of it, it was a clever way to use your email and a mobile app to sign in to websites. I had integrated Clef logins to indieauth.com as one way to authenticate your email address. Since they are shutting down in June, I am proactively removing it from the website right now.
    continue reading...
    2 mentions
    Sat, Mar 11, 2017 10:18pm -08:00 #100daysofindieweb #indieauth #sms #clef
  • Day 73: Updated Documentation for indieauth.com #100DaysOfIndieWeb

    Today I updated the documentation for indieauth.com to include a setup guide for using indieauth.com as your OpenID provider, and added more prominent links to the OpenID and PGP instructions in various places on the site.
    continue reading...
    2 mentions
    Fri, Mar 3, 2017 8:38pm -08:00 #100daysofindieweb #indieauth #openid
  • Joel Purra https://joelpurra.com   •   Jan 9
    Almost none, but still some; might selfhost =) Like the distributed concept, would like to see more usage! https://lwn.net/Articles/708151/
    Aaron Parecki
    @joelpurra I like the concept too! My goal with #indieauth is to use domains as identities (like OpenID) but using OAuth 2.0 techniques.
    Portland, Oregon, USA
    1 like
    Mon, Jan 9, 2017 11:26am -08:00 #indieauth
  • Joel Purra https://joelpurra.com   •   Jan 9
    Will consider #indieauth, but negatively angled "why not #openid" info had (has) me thinking otherwise https://indieweb.org/OpenID
    Aaron Parecki
    @joelpurra There also seem to be almost no OpenID providers left except indieauth.com, since myopenid shut down.
    Portland, Oregon, USA
    1 like 1 reply
    Mon, Jan 9, 2017 11:09am -08:00 #indieauth #openid
  • Joel Purra https://joelpurra.com   •   Jan 9
    Will consider #indieauth, but negatively angled "why not #openid" info had (has) me thinking otherwise https://indieweb.org/OpenID
    Aaron Parecki
    @joelpurra Well I would never suggest anyone use OpenID 1 for anything new, but I can see how that's confusing. Will see if I can rephrase.
    Portland, Oregon, USA
    Mon, Jan 9, 2017 11:08am -08:00 #indieauth #openid
  • Joel Purra https://twitter.com/joelpurra   •   Jan 9
    @oplife Yeah, saw #indieauth earlier; afaik they shut down #openid support. Really need openid for existing sites =(
    Aaron Parecki
    @joelpurra @oplife indieauth.com should still be running an OpenID provider. I just used it to sign in to StackOverflow yesterday!
    Portland, Oregon, USA
    5 replies
    Mon, Jan 9, 2017 10:54am -08:00 #indieauth #openid
  • Aaron Parecki
    Gave an unprepared live demo of IndieAuth.com at @w3c #tpac2016 and nothing broke 😮
    Lisboa, Lisboa, PRT
    8 likes 3 replies
    Wed, Sep 21, 2016 10:53am +01:00 #tpac2016 #indieauth #w3c
Hi, I'm Aaron Parecki, Director of Identity Standards at Okta, and co-founder of IndieWebCamp. I maintain oauth.net, write and consult about OAuth, and participate in the OAuth Working Group at the IETF. I also help people learn about video production and livestreaming.

I've been tracking my location since 2008 and I wrote 100 songs in 100 days. I've spoken at conferences around the world about owning your data, OAuth, quantified self, and explained why R is a vowel.

  • Director of Identity Standards at Okta
  • IndieWebCamp Founder
  • OAuth WG Editor
  • OpenID Board Member

© 1999-2025 by Aaron Parecki. Powered by p3k. This site supports Webmention.
Except where otherwise noted, text content on this site is licensed under a Creative Commons Attribution 3.0 License.