Announcing the IndieAuth Spec!
It's been a long time coming, but I've finally published a proper IndieAuth spec!
continue reading...
WeChat ID
aaronpk_tv
#indieauth
-
William Narmontas
https://www.scalawilliam.com/
•
Jul 8
Number of sign-ins per month since 2012. If that info is not available, then just monthly number of hits on the site until now would suffice
@scalawilliam That'll work!
-
#IndieAuth is SO MUCH easier than OAuth! https://indieauth.com/developers
No secret keys, etc, etc. Works against localhost! -
Getting a head start on IndieWebCamp Nürnberg on the train with @sebsel, editing wiki pages about IndieAuth and indieauth.com
-
Greg McVerry
http://jgregorymcverry.com/
•
Mar 23
we were looking at indieauth to include in thimble but passportjs warns folks not to use: http://bit.ly/2ns1xSV still true? #indieweb
@jgmac1106 I don't know the state of that plugin, but you could just do it manually: https://indieauth.com/developers or https://indieweb.org/indieauth-for-login -
Day 86: Updating IndieAuth Docs #100DaysOfIndieWeb
Beginning a slow project of updating the docs about the IndieAuth spec, today I started by updating a few pages on the wiki. Right now, most of the docs about IndieAuth (the spec), and how to use it, live across a variety of pages on the wiki, grouped together at https://indieweb.org/Category:IndieAuth.continue reading... -
Day 81: Removing SMS and Clef from IndieAuth.com #100DaysOfIndieWeb
Sadly, Clef is shutting down in a couple months. If you haven't heard of it, it was a clever way to use your email and a mobile app to sign in to websites. I had integrated Clef logins to indieauth.com as one way to authenticate your email address. Since they are shutting down in June, I am proactively removing it from the website right now.continue reading... -
Day 73: Updated Documentation for indieauth.com #100DaysOfIndieWeb
Today I updated the documentation for indieauth.com to include a setup guide for using indieauth.com as your OpenID provider, and added more prominent links to the OpenID and PGP instructions in various places on the site.continue reading... -
Joel Purra
https://joelpurra.com
•
Jan 9
Almost none, but still some; might selfhost =) Like the distributed concept, would like to see more usage! https://lwn.net/Articles/708151/
@joelpurra I like the concept too! My goal with #indieauth is to use domains as identities (like OpenID) but using OAuth 2.0 techniques. -
Joel Purra
https://joelpurra.com
•
Jan 9
Will consider #indieauth, but negatively angled "why not #openid" info had (has) me thinking otherwise https://indieweb.org/OpenID
@joelpurra There also seem to be almost no OpenID providers left except indieauth.com, since myopenid shut down.
-
Joel Purra
https://joelpurra.com
•
Jan 9
Will consider #indieauth, but negatively angled "why not #openid" info had (has) me thinking otherwise https://indieweb.org/OpenID
@joelpurra Well I would never suggest anyone use OpenID 1 for anything new, but I can see how that's confusing. Will see if I can rephrase.
-
Joel Purra
https://twitter.com/joelpurra
•
Jan 9
@oplife Yeah, saw #indieauth earlier; afaik they shut down #openid support. Really need openid for existing sites =(
@joelpurra @oplife indieauth.com should still be running an OpenID provider. I just used it to sign in to StackOverflow yesterday! -
Not that it's your fault, but I think you're starting to confuse the two roles of indieauth.com.
Role 1) indieauth.com is a service that developers can use to handle all the hard work of doing rel-me-auth with specific providers directly. In this case, the application developer has a trust relationship with indieauth.com and users should not be concerned that they're using indieauth.com, from their POV they are just signing in to the website. This is how the indiewebcamp.com wiki uses indieauth.com
Role 2) indieauth.com is a service that users can delegate their domain to. To use indieauth.com this way, the user links to indieauth.com as their `authorization_endpoint` on their domain. In this case, the user has a trust relationship with indieauth.com, and an application discovers the user's auth endpoint by following the rel link on their website. Micropub apps like Quill work this way, where you will only ever see indieauth.com if you have delegated to it yourself.
Does this help clear things up? In situation 2, you'll only ever see indieauth.com if you explicitly set it as your authorization endpoint. You could use indiecert.net or use your own auth server instead. In situation 1, where a developer has chosen to use indieauth.com instead of implementing authentication themselves, you're limited to the options that indieauth.com has implemented. However the idea is that indieauth.com implements a good number of options and in a secure way, making it a better option for developers than implementing PGP/SMS/GitHub/etc themselves.
With that in mind, could you rephrase your request in that context? -
Hm, would you want to delegate to the `pgp` one to prevent any other login mechanisms from being used? One of the nice things about indieauth.com showing multiple options is that depending on the device you're logging in on, you might want to choose a different option. For example I usually use GitHub or GPG login when I'm on my main computer, but use Twitter from my phone.
I can definitely see value in wanting to limit the options provided by indieauth.com to a subset of the rel-me links on your site. (Maybe I want Twitter listed on my site, but never want to use it for login.)
What about using the query string to indicate the supported providers?
`https://indieauth.com/auth?providers=github.com,pgp,sms` etc. In that case, indieauth.com could even present them to you in the order given.
Similar to https://github.com/aaronpk/IndieAuth.com/issues/112, if only one is set then it could redirect immediately instead of making you click the button, which would be a better user experience. -
New integrated authorization server for p3k
I just launched an update to p3k which adds an integrated authorization server. This means that now when I sign in to Micropub apps like Quill, it will redirect me to my own server where I can have more fine-grained control over the access I am granting the application.continue reading... -
@Sneakyness sounds like you're trying to use the OpenID service? Use openid.indieauth.com as your server and it should work
-
@starseerdrgn GPG is also supported. The goal is your domain is your identity. The authn mechanism is secondary. Happy to talk more about the motivations behind IndieAuth, since decentralized authentication is absolutely the goal.
-
Kyle Mahan: silo.pub supports native authentication (kylewm.com)
silo.pub supports "native" authentication now! #indieweb #micropub
