earlier replies
Replying to @bradfitz @evntdrvn @skarra @davidcrawshaw @rstropek @schlagfell @Tailscale
I thought that at the time! But what stopped it? I know oauth1 had some crazy crypto-in-javascript nonsense that held it back, but that wasn't in openid. I'm not clear what happened there... or whether it's reversible :)
2
Brad, Didn't it have URLs as IDs or something? That part felt weird even at that time (vague memories...)
2
Yes, it used URLs instead of email addresses. It was ahead of its time. (Nowadays non-nerds people are more likely to identity with or share their Facebook or Instagram or Twitter or GitHub handle than an email) Relying Parties balked at not having an email address to spam with.
2
6
Have you considered using IndieAuth (indieauth.spec.indieweb.org) which does the same now? I’ve implemented it on my personal site (github.com/shurcooL/home/iss…) and I’m very happy with it. Especially during GitHub outages.

add support for signing in via IndieAuth · Issue #34 · shurcooL/home

Currently, it is possibly to sign in to home only via GitHub. While this has worked well and provides a simple user experience, it has some downsides: requires having a GitHub account doesn't w...

github.com
2
1
Here's some background on why this solves the particular problem you're talking about in this thread: aaronparecki.com/2018/07/07/…

OAuth for the Open Web

aaronparecki.com
1
4
Neat! Seems to still have the URL pasting problem though. How is that UX different from openid, which users didn’t like?
2
1
That problem can only be solved by browsers. Right now, most of the time the browser autocompletes my URL because I've entered it enough, so I'm not actually typing it out. With any amount of thought, browsers could automate that just like credit card payment forms.
1
1
If login were automated like credit card forms, it would fail about 50% of the time and need me to enter a page full of unnecessary personal information by hand. That’s not a good model. Why not let me enter an email address instead? That has a domain in it.
3
Why is entering an email address less work than entering a URL? What I'm saying is browsers could have an "account chooser" UI to save a URL and enter it in the login field.
2
That creates a chicken-and-egg problem: browsers won't adopt it unless it's popular. It won't be popular unless browsers adopt it. Chicken-and-egg problems create usually-insurmountable barriers to adoption.
1
Replying to @apenwarr @dmitshur @bradfitz @skarra @evntdrvn @davidcrawshaw @rstropek @schlagfell @Tailscale
That hasn't been true for years. Browser vendors are pushing new features that they want or think will be helpful. Here are some examples: github.com/WebKit/explainers See also all the Twitter threads of people getting angry that Chrome implements something before it's standardized.

GitHub - WebKit/explainers: Explainers from WebKit contributors

Explainers from WebKit contributors. Contribute to WebKit/explainers development by creating an account on GitHub.

github.com

Apr 10, 2020 · 4:16 PM UTC

1
Replying to @aaronpk @dmitshur @bradfitz @skarra @evntdrvn @davidcrawshaw @rstropek @schlagfell @Tailscale
The browser owners are happy to implement things that help with lock-in, such as Login with Google, Pay with Apple, etc. That's how we got where we are today. That's not chicken-and-egg for them, that's investment. Distributed systems that avoid lock-in need a different plan.
1