Ō̴̡̨͍͕̠̹̘͖͓̭̝̰̖͉̬̫͍̝̰̟͖͖̞͇̟̻̫͇̠̯̋̋̂ͅͅA̷̡̧͎̫̬͖̠͍̼̗̠͊̉̏̓̈́̂̀̈́͆͘͜uth @oktadev oauth.wtf oauth.net 🎥 livestreaming youtube.com/aaronpk aaronpk.tv 💛 #indieweb 🐘🦋
Portland, Oregon
Joined April 2008
- Tweets 11,388
- Following 1,223
- Followers 6,415
- Likes 9,609
Usually you'll create a new set of client credentials that represents the resource server, since the OAuth client shouldn't be introspecting tokens. There isn't really any other form of authentication for the API so it's kind of an overloading of the term "client credentials"
1
Funny you should ask... I literally just finished editing a video about it, it'll be live at 6:15am pacific tomorrow!
2
Thanks! I haven't actually used any of my own because they're just so expensive. I've used some when doing gigs at a venue that has them installed. The picture off them leaves something to be desired too, but maybe they've gotten better now.
Assigning colors to Gmail labels really makes my inbox look a lot more fun. I don't know why I didn't do this ages ago.
3
That's for the final profile URL. The user can enter something different at the start, and if that contains a username component then the trick works.
1
take a look at my activitypub conference talk, starting at 11:50, I address the UX aspect of it here: aaronparecki.com/2020/09/22/…
also happy to set up a time to chat about this instead! I think we have a lot of similar goals!
1
nobody said "force". my goal is to *enable* indie identities, something that is pretty much completely glossed over by the current OIDC ecosystem.
1
I appreciate the commitment to prove this with a photo and am also very curious about what's in your bookmark toolbar and open tabs
1
1
Email addresses *are* domain-based auth. I think you’re conflating two different parts of the system. In IndieAuth, the canonical user identifier doesn’t have to be the thing the user enters in a login prompt. This is also true for almost every other authentication system.
1
To be clear, I’m not sure this is a *good* idea, and it also requires a bit of code running at the web server of the root domain, but it does work.
1
I’ll admit it’s a bit of a “hack”. The trick is “aaron@parecki.com” is a URL because if you assume the http scheme then you get http://aaron@parecki.com which is a username but no password with HTTP basic auth. The server can switch what it returns based on that username.
1
This one I’m really confused on, and we should probably chat about it to clear things up. IMO OIDC is more of a barrier here because the default is that clients need to register. With IndieAuth there is no expectation of client registration at all.
1
There is no obligation that you have to register your own domain for IndieAuth to work. I’ve talked about this at ActivityPub Conference showing how they can use IndieAuth to enable a standards-based app ecosystem for ActivityPub/Mastodon apps. That of course uses shared domains.
1
1
2