From IndieWeb
Jump to: navigation, search

All Things Auth was a session at IndieWebCamp Berlin 2019.

Notes archived from: https://etherpad.indieweb.org/auth

IndieWebCamp Berlin 2019
Session: All Things Auth
When: 2019-05-04 14:30



IndieAuth is written on top of oAuth 2 so we didn't have to reinvent everything. It's mostly an extension on how to find endpoints. Your website will advertise your authorization endpoint. Using an http header or a "rel" in your website. Core problem: I have a website, I want to use that website as my identity. And I want to use my website for authorization.

selfauth is an indieauth implementation https://github.com/Inklings-io/selfauth

similar space as OpenID but openid only does authentication, not authorization

Open question, Why not Webfinger?

  • webfinger doesn't allow resources on subpages example.com/sonny (only top level domain or subdomain)

See https://indieweb.org/WebFinger (makes sense, I had similar concerns)

I mentioned VideoContext Library for Video maulipulation - https://github.com/bbc/VideoContext

See Also