How does one release an open source web app which implements "sign in with Google" (or Github) without requiring everyone who deploys it to go and register a new app and URL at Google and Github? Surely there's a way?
1
3
I... don't think indieauth helps? That lets me sign in to sites as kryogenix.org but delegate that checking to github. It doesn't let me sign in to a site _as_ github, does it? And I don't think there's a way of misusing it to do that, but I'm open to ideas here!
1
IndieAuth.com implements microformats.org/wiki/relmea… and requires those links, so no, it can't be used in the way you describe.
You'd want IndieAuth.com without the rel="me" requirement: a service for webapps to talk to that handles all the different OAuths.
1
1
Yeah. I was hoping that if I put my auth URL into indieauth AS github.com/myusername, then it wouldn't bother following rel=me links and would just use it directly, but no. Might be an interesting enhancement, @aaronparecki? I bet @kevinmarks can tell me why it's a bad idea ;)
1
@sil Not a *bad* idea, but also not the goal of indieauth.com. At some point you'll be relying on someone's Github/Google API key, either that of indieauth.com or another service. Maybe check out oauth.io/ or auth0.com/
Nov 29, 2017 · 3:16 PM UTC
1