Ō̴̡̨͍͕̠̹̘͖͓̭̝̰̖͉̬̫͍̝̰̟͖͖̞͇̟̻̫͇̠̯̋̋̂ͅͅA̷̡̧͎̫̬͖̠͍̼̗̠͊̉̏̓̈́̂̀̈́͆͘͜uth @oktadev oauth.wtf oauth.net 🎥 livestreaming youtube.com/aaronpk aaronpk.tv 💛 #indieweb 🐘🦋
Portland, Oregon
Joined April 2008
- Tweets 11,388
- Following 1,223
- Followers 6,415
- Likes 9,609
take a look at my activitypub conference talk, starting at 11:50, I address the UX aspect of it here: aaronparecki.com/2020/09/22/…
also happy to set up a time to chat about this instead! I think we have a lot of similar goals!
1
nobody said "force". my goal is to *enable* indie identities, something that is pretty much completely glossed over by the current OIDC ecosystem.
1
I appreciate the commitment to prove this with a photo and am also very curious about what's in your bookmark toolbar and open tabs
1
1
Email addresses *are* domain-based auth. I think you’re conflating two different parts of the system. In IndieAuth, the canonical user identifier doesn’t have to be the thing the user enters in a login prompt. This is also true for almost every other authentication system.
1
To be clear, I’m not sure this is a *good* idea, and it also requires a bit of code running at the web server of the root domain, but it does work.
1
As a client developer you have to: 1) follow the spec by assuming “http” if no scheme is entered, and 2) allow the user-entered URL to contain a username component.
1
I’ll admit it’s a bit of a “hack”. The trick is “aaron@parecki.com” is a URL because if you assume the http scheme then you get http://aaron@parecki.com which is a username but no password with HTTP basic auth. The server can switch what it returns based on that username.
1
This one I’m really confused on, and we should probably chat about it to clear things up. IMO OIDC is more of a barrier here because the default is that clients need to register. With IndieAuth there is no expectation of client registration at all.
1
There is no obligation that you have to register your own domain for IndieAuth to work. I’ve talked about this at ActivityPub Conference showing how they can use IndieAuth to enable a standards-based app ecosystem for ActivityPub/Mastodon apps. That of course uses shared domains.
1
1
2
so it turns out this works. I can type in “aaron@parecki.com” in an indieauth prompt and it works. because that is a URL.
1
a side benefit of not owning a car is being able to completely ignore these without even a second thought 😂
1
I use Unifi cameras cause the whole thing runs locally and records to a pile of hard drives in my closet
1
People who pull down their mask in public to cough... you do know why you're wearing it right? 🙄
3
1
15
yeah exactly, and users of this CMS are going to care exactly zero what fancy tech it's built with, so it's more important that it works well than it's built with the latest JS framework or the blockchain or whatever sorry do I sound bitter? 😇
1
1
probably still PHP + MySQL, likely using Laravel, but a server-rendered UI with maybe a hint of javascript for some nice interactions. I'm old.
1
8