IndieAuth is essentially the spiritual successor to OpenID - it lets you use your own domain name to sign in to services in a decentralized fashion. Since Datasette actively encourages deploying brand new web applications to new URLs on a whim, it's a great fit for authentication
😢 @aaronpk knows my stance on this well - domain-based auth is exclusionary and confusing to users. IndieAuth should just use email addresses, even if it doesn't use webfinger and just does s/@([^.*]\..*$/\1/ with the address.
Has anyone tried an authentication mechanism based on some kind of DNS TXT record where you look up the user's auth provider based on a DNS record attached to their email domain?
That was literally where we started 12+ years ago. ;-) DNS is kind of hard to implement for most, and is actually less secure than HTTPS, hence webfinger discovery as this mechanism (webfinger led to .well-known being standardised, which is what letsencrypt & others use).
I haven't tracked closely, but DNSSEC is still not widely deployed, right?
ah yes, the "this is the first I've heard about it" argument sure is a solid one

Nov 19, 2020 · 6:15 AM UTC