AutoAuth was a session at IndieWebcamp Online 2019.
Notes archived from https://etherpad.indieweb.org/autoauth
IndieWebCamp Online 2019
When: 2019-03-09 17:00 UTC
current state: https://github.com/sknebel/autoauth
See small flow chart of how parties talk to eachother in the original sketch: https://indieweb.org/2018/Nuremberg/autoauth#Notes_from_Dinner
- This all takes place within the Microsub server. When you originally set up the Microsub server, it will request the external_token type so that can be used when a feed is found that has additional protected data.
- If the Microsub server needs further identification, it can send an alert within the Notifications channel.
- When the Microsub server is fetching what feeds are available, if a feed is listed as more content is available, the Microsub server should add an additional option to the "feed options" that would be the same feed but with (Authenticated as Name), so that a user can select whether they should be identified to the site or not for identity protection reasons.
- AutoAuth works with more than just private feeds, it works for Private Webmentions as well.
- In fact the original demo at Nuremberg was more like a webmention than a private feed.
- If used for webmention, the token might be set for expiration. If a token is expired it would use the standard OAuth response for expired token.
- You also might be able to define within the token that it is only valid for a specific url?
Live action reenactment of OAuth:
- we need to do this for this spec so it's easier to visualize