What is IndieAuth?
IndieAuth is an implementation of RelMeAuth with a REST API on top.
IndieAuth is a way to use your own domain name to sign in to websites. It's like OpenID, but simpler! It works by linking your website to one or more authentication providers such as Twitter or Google, then entering your domain name in the login form on websites that support IndieAuth.
IndieAuth is part of the Indie Web movement to take back control of your online identity. Instead of logging in to websites as "you on Twitter" or "you on Facebook", you should be able to log in as just "you". We should not be relying on Twitter or Facebook to provide our authenticated identities, we should be able to use our own domain names to log in to sites everywhere.
IndieAuth was built to make it as easy as possible for users and for developers to start using this new way of signing in on the web, without the complexities of OpenID.
Why not OpenID Email etc
See: Why web sign-in.
How to set up IndieAuth
The IndieAuth API
The IndieAuth API lets you support RelMeAuth logins without writing all the OAuth code for each provider!
The IndieAuth source code is available on Github. Feel free to fork it and submit pull requests if you make any changes!
New Twitter users' "home page" or "web page" field on Twitter gets "t.co'd" which can interfere with IndieAuth.
Goal: IndieAuth should at least support consuming an OpenID provided by an indieweb server itself (i.e. perhaps ignore any OpenID delegation). Being a self-hosted OpenID provider enables the independent to completely avoid any silo dependency, even ephemeral, for authentication.
IndieAuth used to support consuming OpenID as well as web-sign-in.
There were strange problems with consuming OpenIDs from various OpenID providers
What were these specific issues? Let's document them here:
Want to help? See if you can contribute to one or more of the following: