All Things Auth was a session at IndieWebCamp Berlin 2019.
Notes archived from: https://etherpad.indieweb.org/auth
IndieWebCamp Berlin 2019
Session: All Things Auth
When: 2019-05-04 14:30
- Martijn van der Ven (facilitator)
- Sven Knebel (note taking)
- Calum Ryan
- Ian cubicgarden.com
- David Shanske (lurking in Etherpad from other session)
- Add yourself here… (see this for more details)
IndieAuth is written on top of oAuth 2 so we didn't have to reinvent everything. It's mostly an extension on how to find endpoints. Your website will advertise your authorization endpoint. Using an http header or a "rel" in your website. Core problem: I have a website, I want to use that website as my identity. And I want to use my website for authorization.
similar space as OpenID but openid only does authentication, not authorization
Open question, Why not Webfinger?
- webfinger doesn't allow resources on subpages example.com/sonny (only top level domain or subdomain)
See https://indieweb.org/WebFinger (makes sense, I had similar concerns)
- Diagrams: https://github.com/sknebel/AutoAuth/issues/9 (https://www.svenknebel.de/temp/autoauth_diagram.svg , https://svgshare.com/i/BhB.svg)
I mentioned VideoContext Library for Video maulipulation - https://github.com/bbc/VideoContext