IndieAuth for login is a user flow and protocol for web applications to implement user login via an authorization server. The user chooses an authorization server by linking to it from their home page.
- User enters their personal web address in the login form of the web application and clicks "Log in"
- Web application discovers the authorization endpoint by fetching the user's homepage
- Web application redirects the user's browser to the authorization endpoint
- Authorization endpoint verifies the user, e.g. by logging in
- Authorization endpoint redirects the browser back to the web application, including a code
- Web application verifies the code directly with the authorization endpoint
- User is logged into the web application
How to Specify an Authorization Endpoint
Applications will check the URL entered as the identity for a link tag with a rel value of "authorization_endpoint". You can place this code on your home page to delegate to a specific authorization endpoint of your choosing.
<link rel="authorization_endpoint" href="http://indieauth.example.org/">