IndieAuth Consumer #13

Open
opened 3 years ago by malacoda · 1 comments
malacoda commented 3 years ago
Owner

[IndieAuth](https://indieauth.net/) is a decentralized identity protocol built on top of OAuth 2.0. Identities are HTTP URIs which delegate to an IndieAuth provider. Badger Who Server should be able to authenticate a given IndieAuth identifier using the [Authentication Flow](https://indieauth.spec.indieweb.org/#authentication). Who Server does not need authorization and thus does not need to use the Authorization Flow to get a token.

In that respect it more or less replaces the Badger OpenID Connect protocol, and should probably be preferred over that wherever possible as it is a W3C spec. However, I can see value in supporting both, as Badger OIDC supports both acct: and http: URIs.

It's in scope for phase 1 to act as both a provider (#5) and consumer of this protocol, but as Badger Who Server doesn't yet provide user profiles (and I'm not sure if that's in scope) a user would probably need to have a URI they control to delegate to the Who Server to act as the `authorization_endpoint`.
malacoda added this to the Phase I milestone 3 years ago
malacoda added the remote login label 3 years ago
Poster
Owner

It may be worth considering having the ability to specify an implicit `authorization_endpoint` for certain classes of identifiers (for example, having the ability to delegate any RelMeAuth pages with only Silo links to IndieLogin.com, without requiring an explicit `authorization_endpoint` to point to them).
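
The discovery step a consumer runs before starting the flow, with the implicit fallback suggested in the comment above, as an added example (not Badger Who Server code). The function and class names, the silo host list and the implicit endpoint URL are assumptions; the caller is assumed to have already fetched the profile URL and to pass in its `Link` header and HTML body.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumed deployment configuration (not from the issue): which hosts count as
# silos, and the endpoint used when a profile has no explicit delegation.
SILO_HOSTS = {"github.com", "twitter.com"}
IMPLICIT_ENDPOINT = "https://indielogin.com/auth"


class RelCollector(HTMLParser):
    """Collect (tag, rel, href) for every rel value on <link> and <a>."""

    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ("link", "a") and a.get("rel") and a.get("href"):
            for rel in a["rel"].lower().split():
                self.found.append((tag, rel, a["href"]))


def discover_authorization_endpoint(profile_url, link_header, html):
    """Return the endpoint the profile delegates to, or None."""
    # 1. An HTTP Link header wins over anything in the document body.
    for target, params in re.findall(r"<([^>]*)>([^,]*)", link_header or ""):
        m = re.search(r'rel\s*=\s*"?([^";]*)', params, re.I)
        if m and "authorization_endpoint" in m.group(1).lower().split():
            return urljoin(profile_url, target)
    # 2. Otherwise the first <link rel="authorization_endpoint"> element.
    page = RelCollector()
    page.feed(html or "")
    for tag, rel, href in page.found:
        if tag == "link" and rel == "authorization_endpoint":
            return urljoin(profile_url, href)
    # 3. Implicit delegation, only if every rel="me" link targets a silo.
    me_hosts = [urlsplit(urljoin(profile_url, href)).hostname
                for _, rel, href in page.found if rel == "me"]
    if me_hosts and all(host in SILO_HOSTS for host in me_hosts):
        return IMPLICIT_ENDPOINT
    return None
```

A profile that mixes silo and non-silo `rel="me"` links gets no implicit endpoint, so the fallback never overrides a user who has other identities to verify against.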