2019/Berlin/auth

All Things Auth was a session at IndieWebCamp Berlin 2019.

Notes archived from: https://etherpad.indieweb.org/auth

IndieWebCamp Berlin 2019
Session: All Things Auth
When: 2019-05-04 14:30

Participants

• Martijn van der Ven (facilitator)
• Sven Knebel (note taking)
• https://jandinter.net/
• https://jansauer.de/
• Calum Ryan
• Sonny
• Ian cubicgarden.com
• David Shanske (lurking in Etherpad from other session)
• Add yourself here… (see this for more details)

Notes

IndieAuth is written on top of oAuth 2 so we didn't have to reinvent everything. It's mostly an extension on how to find endpoints. Your website will advertise your authorization endpoint. Using an http header or a "rel" in your website. Core problem: I have a website, I want to use that website as my identity. And I want to use my website for authorization.

selfauth is an indieauth implementation https://github.com/Inklings-io/selfauth

similar space as OpenID but openid only does authentication, not authorization

Open question, Why not Webfinger?

• webfinger doesn't allow resources on subpages example.com/sonny (only top level domain or subdomain)

See https://indieweb.org/WebFinger (makes sense, I had similar concerns)

• https://github.com/sknebel/AutoAuth
• Diagrams: https://github.com/sknebel/AutoAuth/issues/9 (https://www.svenknebel.de/temp/autoauth_diagram.svg , https://svgshare.com/i/BhB.svg)

I mentioned VideoContext Library for Video maulipulation - https://github.com/bbc/VideoContext

See Also

• 2019/Berlin/Schedule