Eddie Hinkle



Owning my authentication

For the last year, since I've been involved in the IndieWeb, I've used IndieAuth.com for my IndieAuth authentication. It's a hosted service for authorization and token endpoints that helps bridge the technological hurdle of allowing new people to the IndieWeb to start being able to login using the IndieAuth protocol.

A couple of weeks ago I had started working on some code for an authorization endpoint, and yesterday at IndieWebCamp Baltimore 2018, I finished it! Not only that, but I also built my own token endpoint! It's great to be owning all of the parts of my website now. From logging in, to authorizing apps, creating and managing tokens and accepting micropub posts.

The authorization endpoint looks like this after you log in:

I love having the ability to change the scope of access that I'm going to allow an app to have on my site, and now that I own the whole stack, I'm looking forward to being able to customize things more like being able to set specific data attributes to any posts that come in from a specific source app.

The token endpoint isn't as exciting, but I am excited to have added the ability to revoke tokens, so in the near future I'd like to add an interface that lists all the tokens that have been provided by my endpoint and provide a button that allows me to revoke each token that is still active that I don't want active.

Please note: This site is in an active redesign. Some things might be a little off 🧐