OpenWebAuth


OpenWebAuth is the authentication protocol used by Zot6. It makes use of WebFinger, HTTP Signatures and token generation for headless authentication. Projects like Hubzilla use it for authentication.

Documentation

IndieWeb Examples

Criticism

  • It is unclear where the spec is actually defined
  • Uses cryptography in the spec itself rather than keeping cryptography at the transport layer
  • Relies on the site you're signing in to accepting the owt query parameter on every page, as opposed to confining the authentication code to a single URL that can redirect to the destination later
  • Uses HTTP signatures but doesn't specify how the keys are discovered, so it is unclear where to look to find that out

See Also