OpenWebAuth

From IndieWeb
Jump to: navigation, search


OpenWebAuth is the authentication protocol utilized by Zot6; making use of Webfingers, HTTP Signatures and token generation for headless authentication. Projects like Hubzilla make use of it for authentication.

Documentation

IndieWeb Examples

Criticism

  • Unclear on where the spec is actually defined
  • Uses cryptography in the spec itself rather than keeping cryptography at the transport layer
  • Relies on the site you're signing in to to accept the owt query parameter in every page, as opposed to confining the authentication code to a single URL that can redirect to the destination later
  • Uses HTTP signatures but doesn't specify how the keys are discoverable, so it is unclear where to read to find that out

See Also