Dweb: Identity for the Decentralized Web along with IndieAuth

In the Dweb series, we have been covering projects that explore what exactly is possible when the web becomes decentralized or distributed. These projects aren’ t affiliated with Mozilla, and some of these rewrite the rules of how we think in regards to a web browser. What they have in common: These types of projects are open source plus open for participation, and they talk about Mozilla’ s mission to keep the internet open and accessible for all.

We’ ve covered a number of projects so far within this series that require foundation-level changes towards the network architecture of the web. Yet sometimes big things can come through just changing how we use the internet we have today.

Imagine if you never needed to remember a password to login a website or app ever again. IndieAuth is a simple but powerful method to manage and verify identity utilizing the decentralization already built into the web by itself. We’ re happy to introduce Aaron Parecki, co-founder of the IndieWeb motion, who will show you how to set up your own personal independent identity on the web with IndieAuth.

– Dietrich Ayala

Introducing IndieAuth

IndieAuth is a decentralized login protocol that allows users of your software to sign in to other apps.

In the user perspective, it lets you how to use existing account to log in to several apps without having to create a new security password everywhere.

IndieAuth creates on existing web technologies, making use of URLs as identifiers. This causes it to be broadly applicable to the web nowadays, and it can be quickly integrated into current websites and web platforms.

IndieAuth has been developed more than several years in the IndieWeb community , a freely connected group of people working to enable people to own their online presence, plus was published as a W3C Note in 2018 .

IndieAuth Structures

IndieAuth is an expansion to OAuth 2 . 0 that enables any website to be its own identity provider. It creates on OAuth 2 . 0, benefiting from all the existing security considerations plus best practices in the industry around authorization plus authentication.

IndieAuth begins with the assumption that every identifier is really an URL. Users as well as applications are usually identified and represented by a WEB LINK.

When an user records in to an application, they start by getting into their personal home page URL. The application form fetches that URL and discovers where to send the user to authenticate, after that sends the user there, and can afterwards verify that the authentication was effective. The flow diagram below strolls through each step of the exchange:

Diagram displaying IndieAuth work-flow, from browser in order to client, to user URL in order to endpoint

Get Started with IndieAuth

The quickest method to use your existing website as your IndieAuth identity is to let an existing support handle the protocol bits plus tell apps where to find the support you’ re using.

If your website is using WordPress, it is simple to get started by installing the IndieAuth plugin ! After you install and activate the particular plugin, your website will be a full-featured IndieAuth provider and you can log in to web sites like https://indieweb.org immediately!

To set up your website personally, you’ ll need to choose a good IndieAuth server such as https://indieauth.com and add a few hyperlinks to your home page. Add a link to the particular indieauth. com authorization endpoint in an CODE < link> tag so that apps know where to send you to log in.

 < link rel="authorization_endpoint" href="https://indieauth.com/auth"> 

After that tell indieauth. possuindo how to authenticate a person by linking to either a GitHub account or email address.

 < a href="https://github.com/username" rel="me"> GitHub< /a>
< a href="mailto: you@example. com" rel="me"> Email< /a>

Note: This particular last step is unique to indieauth. com and isn’ t part of the IndieAuth spec. This is how indieauth. com can authenticate you without you creating a security password there. It lets you switch out the particular mechanism you use to authenticate, one example is in case you decide to stop using GitHub, without changing your identity in the site you’ re logging into.

If you don’ to want to rely on any third party providers at all, then you can host your own IndieAuth authorization endpoint using an existing open up source solution or build your very own. In any case, it’ s fine to begin using a service for this today, since you can always swap it away later without your identity transforming.

Now you’ lso are ready! When logging in to a web site like https://indieweb.org , you’ ll be questioned to enter your URL, after that you’ ll be sent to your selected IndieAuth server to authenticate!

Learn More

In case you’ d like to learn more, OAuth for the Open up Web talks about a lot of technical details and motivations at the rear of the IndieAuth spec.

You can learn how to build your own IndieAuth machine at the links below:

You can find the latest spec at indieauth. spec. indieweb. org . If you have any queries, feel free to drop by the #indieweb-dev route in the IndieWeb chat , or you can find myself on Tweets , or my website .

Aaron Parecki is the co-founder of the IndieWeb motion, and maintains oauth. net. He’s been involved in web standards given that 2010, and is the editor associated with several W3C Recommendations.

More content articles by Aaron Parecki…

If you liked Dweb: Identity for the Decentralized Web along with IndieAuth by Aaron Parecki Then you'll love Web Design Agency Miami

Add a Comment

Your email address will not be published. Required fields are marked *