web-sign-in-protocol



This page describes using IndieAuth for authentication rather than authorization. In this case, no token endpoint or Micropub endpoint is needed. Because the user has not delegated authorization to a specific endpoint, the client searches for known authentication providers.


Examples

In these examples, the following URLs will be used.

The site the user is signing in to is the IndieWebCamp wiki:

The user signing in is Aaron Parecki:

In this example, Aaron has not delegated authorization to an external service, but instead has added rel=me links to other profiles:

  • <a href="https://github.com/aaronpk" rel="me">github.com/aaronpk</a>
  • <a href="https://twitter.com/aaronpk" rel="me">twitter.com/aaronpk</a>
  • <link rel="pgpkey" href="/files/key.asc">

Web Sign-In Form

The site contains a web sign-in form prompting the user to enter their URL to sign in. Upon submitting the form, the site begins the auth process by discovering the user's auth endpoint, and if none is found, looks for supported rel=me services.


Discovery

aaronparecki.com points to multiple silo authorization services by specifying rel=me values on the index page, as well as a link to a GPG key.

<link rel="me" href="https://github.com/aaronpk">
<link rel="me" href="https://twitter.com/aaronpk">
<link rel="pgpkey" href="/files/key.asc">

Authorization

The wiki should present an interface describing the request being made. It must:

  • Indicate the name of the site making the request
  • Give the user the choice of any supported auth providers they have listed on their home page

Complete

After the site authenticates the user at one of their mutually agreed upon providers, the site can consider the user signed in.
