IndieAuth
IndieAuth.com Provider Status:
See indieauth.com
IndieAuth is a way to use your own domain name to sign in to websites — it's like OpenID, but works with services you likely already use, and is much easier to set up.
IndieAuth was built to make it as easy as possible for users and for developers to start using this new way of signing in on the web, without the complexities of OpenID.
IndieAuth is an implementation of web sign-in and additional sign-in methods (email (via Persona), GPG). It works by linking your website to one or more authentication providers such as Twitter or Google, then entering your domain name in the login form on websites that support IndieAuth.
IndieAuth setup on your personal domain is a requirement for IndieMark Level 1.
Why
IndieAuth is part of taking back control of your online identity. Instead of logging in to websites as "you on Twitter" or "you on Facebook", you should be able to log in as just "you". We should not be relying on Twitter or Facebook to provide our authenticated identities; we should be able to use our own domain names to log in to sites everywhere.
The #1 reason to set up IndieAuth is that you've found this wiki, and setting up IndieAuth will allow you to log in and contribute to the community, including doing common things like:
There are also some IndieMark features that are built upon having IndieAuth support on your site (e.g. private messaging).
How to
Set up
Use IndieAuth for your OpenID
Using indieauth.com as an OpenID delegate allows you to sign in to any site that consumes OpenID using your IndieAuth setup. To use indieauth.com as an OpenID delegate for the OpenID identifier of your site, add the following two link tags to the HTML (inside the <head>):
<link rel="openid.delegate" href="http://aaronparecki.com/" />
<link rel="openid.server" href="https://indieauth.com/openid" />
Users
IndieWeb Examples
Every person/site in irc-people and Special:RecentChanges has set up IndieAuth on their personal domain, since it is required to edit the wiki!
Micropub
Many Micropub implementations use IndieAuth for authentication, including:
Supporting Sites
(This section is a stub and needs expansion!)
There are a growing number of web sites that you can log into using IndieAuth and gain additional functionality:
Details
FAQ
Why is my https domain not working?
Q: Why does entering just my domain name (which automatically redirects http to https) not work in IndieAuth?
A: To log in with IndieAuth as a domain served over HTTPS, you have to type the whole URL, including https://. Otherwise most implementations will assume HTTP, and HTTP to HTTPS redirects are considered insecure (especially important for purposes of authentication!).
Why is Twitter not working
While there are several reasons why Twitter might not be working for IndieAuth sign-in, here are some common things to look for:
Why is GitHub not working
Why am I getting "insecure redirect" errors?
Why is Google+ not working
Why is IndieAuth and GitHub Pages not playing nicely?
Are you getting a funny error when trying to log into IndieAuth with credentials hosted on your GitHub Pages powered website? This is likely due to an outdated DNS record! Quick fix:
What is happening is that if your DNS record points to the old GitHub Pages IP address, it sometimes 301 redirects to `/`, which is non-standard, and IndieAuth does not currently support relative URLs when discovering credentials. See this issue: https://github.com/aaronpk/IndieAuth/issues/46#issuecomment-34565297
GitHub also wrote a blog post about this change, which many people missed: https://github.com/blog/1715-faster-more-awesome-github-pages
How do I make my site do the authorization itself
For how to do distributed or delegated IndieAuth, see distributed-indieauth.
How do I use a specific other site for my IndieAuth
Is it good to delegate auth to 3rd parties
Is it good to delegate authentication to third parties like Facebook or Twitter for IndieAuth?[2]
IndieAuth only relies on third parties for ephemeral authentication, once per IndieAuth login attempt. Because the reliance is only ephemeral/transactional, the delegation is ok. It's not great, but it's ok, and certainly better than directly using (Facebook Connect) or the equivalents for other silos. IndieAuth also provides better UI flow and fallbacks than OpenID, while re-using the OAuth flow that users are familiar with from Twitter, GitHub etc., so it's an incremental improvement over other open identity solutions.
What if I have more than one domain
IndieAuth requires symmetric rel=me links on your page and the OAuth provider profile page, and since most silos (like GitHub and Twitter) only allow you to put one rel=me link on your profile, you cannot use any one profile for multiple domains. There are a few alternatives:
Why not use a DNS TXT record
Q: Why not allow configuring a rel=me link by adding a DNS TXT record to the domain?
A: Two reasons:
Why not OpenID Email etc
See: Why web sign-in.
Why not WebFinger
Why not add WebFinger support to IndieAuth?
"The problem is it's too easy to not own your email address (@gmail.com, etc) so it's not really an "indie" identifier. The point of IndieAuth is to encourage people to own their online identity."[3][4]
Why is the IndieAuth verification response form-encoded instead of JSON
IndieAuth uses standard form-encoding for requests and responses because it has been a standard encoding format since the beginning of the web. If it were a JSON response, then 7 years down the road you'd be asking "why is the response in JSON instead of ____" where ____ is the next trendy thing that replaces JSON. (Remember when XML was the new hotness?)
Proposal for content negotiation: https://www.tuxed.net/fkooman/blog/proposed_changes_to_indieauth_protocol.html#content_negotiation — Wwelves.org perpetual-tripper 02:26, 5 March 2015 (PST)
Empty Session Errors
If you are seeing strange error messages about empty sessions, you may have blocked cookies! Make sure you allow cookies from indieauth.com and whatever service provider you are using.
More FAQ
See Frequently Asked Questions for more FAQs.
The IndieAuth.com Service
The IndieAuth.com service lets you support RelMeAuth logins without writing all the OAuth code for each provider! It also supports a few additional non-OAuth providers such as Email, SMS and GPG.
Source Code
The IndieAuth.com source code is available on GitHub. Feel free to fork it and submit pull requests if you make any changes!
Feature Requests
Followings
Auth consumers (e.g. Upcoming.org: https://www.kickstarter.com/projects/waxpancake/the-return-of-upcomingorg/posts/1167812) want to quickly allow users to follow people and organizations they're already interested in, e.g. their lists of followings from their personal website. Opening the Source and The Great Auth Debate
For events in particular, people are likely to want to attend events with friends.
Location Information
Auth consumers (e.g. Upcoming.org: https://www.kickstarter.com/projects/waxpancake/the-return-of-upcomingorg/posts/1167812) want location information for users. Knowing a user's current location is critical information for event sites, e.g. getting current city at login time (for onboarding, or showing events near you). Opening the Source and The Great Auth Debate
This could be done via a user's homepage profile h-card, or it could also use recent checkins.
Issues
Please open specific bugs and action items on the IndieAuth GitHub project. This page is for collecting thoughts that may not yet be action items or for things that apply to the IndieAuth protocol in general rather than the indieauth.com implementation.
Contact page support
Some sites (which? list examples below) have a separate /about or /contact page where they list all their other profiles with rel-me links, and then link to that separate page from their home page with rel=me. This is a valid way to support web-sign-in per the relmeauth spec. However, IndieAuth does not currently support following one-deep rel-me links on people's sites to look for auth providers.
Note: Crawling the second level of links will add significant time to the "scan" part of indieauth. One optimization is to only crawl a second level link if it's on the same domain as the authenticating domain. This means you wouldn't be able to have the chain example.com -> about.me/example -> github.com/example, you'd have to have something like example.com -> example.com/about -> github.com/example. Aaronparecki.com 09:08, 1 September 2013 (PDT)
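
The same-domain optimization from the note above, sketched as an added example (this is not code from indieauth.com or from the page's authors). The page contents in `PAGES` are constructed stand-ins for HTTP fetches, the function names are hypothetical, and the twitter.com link is invented to show that a cross-domain chain is not followed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed pages standing in for HTTP fetches (all hosts are examples).
PAGES = {
    "https://example.com/":
        '<a rel="me" href="/about">About</a>'
        '<a rel="me" href="https://about.me/example">about.me</a>',
    "https://example.com/about":
        '<a rel="me" href="https://github.com/example">GitHub</a>'
        '<a href="https://github.com/other">a friend, no rel=me</a>',
    "https://about.me/example":
        '<a rel="me" href="https://twitter.com/example">Twitter</a>',
}

class RelMeParser(HTMLParser):
    """Collect absolute hrefs of <a>/<link> elements whose rel contains 'me'."""
    def __init__(self, base):
        super().__init__()
        self.base, self.links = base, []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        rels = (a.get("rel") or "").lower().split()
        if tag in ("a", "link") and "me" in rels and a.get("href"):
            # Resolve relative hrefs against the page they were found on.
            self.links.append(urljoin(self.base, a["href"]))

def rel_me_links(url, fetch=PAGES.get):
    html = fetch(url)
    if html is None:
        return []
    parser = RelMeParser(url)
    parser.feed(html)
    return parser.links

def discover_profiles(me, fetch=PAGES.get):
    """External rel=me links for `me`, following one level of same-host links only."""
    host = urlsplit(me).hostname
    external, seen = [], {me}
    for link in rel_me_links(me, fetch):
        if urlsplit(link).hostname != host:
            external.append(link)  # candidate provider profile, never crawled further
        elif link not in seen:
            seen.add(link)
            # Second level: same host as the authenticating domain, no deeper recursion.
            external += [l for l in rel_me_links(link, fetch)
                         if urlsplit(l).hostname != host]
    return external
```

With the constructed pages, `discover_profiles("https://example.com/")` finds github.com/example through example.com/about, while the profile linked only from about.me/example is never reached.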
Sites in the wild with a contact page separate to the homepage
Security
Need Simple Copy Paste How To
The explanation in http://waterpigs.co.uk/articles/indiewebcamp-signin-ux/ provides a list of three lengthy descriptions of what you need to set up IndieAuth, which was then subsequently criticized as "this is not a straightforward process" in the post: http://aralbalkan.com/notes/on-evolving-indieauth/
Thus we need a simple copy paste how to that is not three lengthy descriptions. Any explanation of how to use IndieAuth needs to start with a 1-2 sentence summary. No more. Compare with:
Explanations for IndieAuth need to be at least as simple to understand as those for Twitter Sign-in and Facebook Connect.
Selectively Displaying rel-me Info
Selectively Displaying rel-me Info (e.g. hiding your phone number). Tantek points out that he would like to be able to use SMS auth on IndieAuth, but doesn't want his cell phone number public on his site. [5] Ideally your site would know that the request was coming from an (your?) IndieAuth server, and only render your phone number if so. This would require either
1 pre-registration
Here is a potential example flow.
2 public key
Please document here if there is some other existing mechanism that can solve this!
potential workaround
A potential workaround is putting your phone number in a
Better Error Handling
My experience was that I had a slight URL mismatch when I first tried to set up IndieAuth, something like an http/https goof or having a trailing slash in one place and no trailing slash in the other. Whatever the problem, it prevented sign-in. I figured out that problem, but when I tried to sign back in, I got the error:
Parameter "profile" must be one of the rel=me links in the site specified in the "me" parameter
This didn’t make any sense to me, as a novice to IndieAuth. After several failed retries, I finally realized that IndieAuth.com had cached my old URL and needed me to rescan to pick up the corrected information. Once I did that, everything worked -- Eric Meyer
Two possible fixes here:
Edge Cases
What About RDFa Problems
If you use RDFa and are having problems, see rel=me: What about RDFa Problems.
To do
Want to help? See if you can contribute to one or more of the following:
Talks
Articles
See Also