IndieAuth Identity Provider #4673
Comments
This should theoretically be possible via fosite as it supports configurable handlers, and any solution will have to have compatibility with the existing OAuth 2.0 / OAuth 2.1 / OpenID Connect 1.0 implementations. As IndieAuth uses the same endpoints (or at least from initial glances it uses the same discovery metadata) doing this while still conforming to OAuth 2.0 / OAuth 2.1 / OpenID Connect 1.0 specifications when using clients configured as such seems like a rock solid requirement. It would be good to:
I wanted to chime in, firstly, that I am a big fan of IndieAuth and would like to try Authelia for my self-hosted services, so being able to use the two together would be fantastic. I understand that there is a question of prioritization and a worry about spending time on implementations that might not be very popular compared to other options in the backlog. However, I'd suggest considering that IndieAuth is potentially a key enabling technology of a more "open" web, and while it might not currently be as popular as alternatives pushed by corporations, those tend to come with questionable motives (to be kind). IndieAuth is a W3C standard, which is also worth bearing in mind. Anyway, here's some information that might be useful:
I hope this is useful!
Great list of links, @axb21! I just wanted to note that the current living standard is maintained at https://indieauth.spec.indieweb.org/. That's linked from within some of the links you listed, but the W3C document is older. Micropub clients are a common use (RP) for IndieAuth, there's a list of those on the indieweb wiki as well: https://indieweb.org/Micropub/Clients
Sweet, thanks @gRegorLove! I didn't know about either of those. The list of Micropub clients is especially good (and long).
Of course I'd also like to point out that all Yarn.social pods are valid and functioning IndieAuth providers of which there exists some 20+ in the wild I know about (counting decentralized stuff is hard 😅)
https://micro.blog does as well
We're looking for specifically an app I can install that conforms to the IndieAuth standards. So if we implement it we can at least test it against a real world app. |
You can install |
Description
Much like #189 I'd love to see IndieAuth as a first-class identity provider in Authelia. This would allow me to use Authelia in quite a number of (growing) places that are supporting IndieAuth.
If anyone is interested in this as well, I could help implement this by borrowing from yarn's implementation.
Use Case
Numerous, but primarily to use Authelia itself as an identity provider for any supported website or service that supports IndieAuth.
Details
A user wishing to authenticate themselves to a website or web app (or anything else really) that supports IndieAuth would enter the address/URL of their Authelia instance. For example, as a user I would enter auth.mydomain.tld. If I'm not already authenticated to Authelia, I will be asked to sign in with my usual Authelia credentials. Once signed in, Authelia will ask me whether I want to approve the login request for the website/app. Once approved, authorisation tokens are generated and I'm then signed in with my Authelia identity. (See below for specific details on the flow and implementation.)
Documentation
See IndieAuth and on the IndieWeb Wiki: IndieAuth
See also building a provider. There are a handful of Go libraries, however I am planning on separating out the ones used in Yarn.social's backend yarnd -- I'll post links here once I've done that (working on client side at the moment)
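The Details section above has the provider asking the user to approve a login request from whichever site sent them. As an added example (not part of the issue, and not Authelia's or fosite's code), this Go code shows the checks an authorization endpoint would run on that request before prompting, following the client_id and redirect_uri rules of the IndieAuth living standard linked in the thread. The function names, error strings, the `published` parameter and the mandatory-PKCE policy are assumptions of the example.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/url"
	"strings"
)

// checkClientID applies the client identifier URL rules as this example reads them.
func checkClientID(raw string) (*url.URL, error) {
	u, err := url.Parse(raw)
	if err != nil || (u.Scheme != "https" && u.Scheme != "http") || u.Host == "" || u.Path == "" {
		return nil, errors.New("client_id: must be an http(s) URL with a path")
	}
	if p := u.Path + "/"; u.User != nil || u.Fragment != "" || strings.Contains(p, "/./") || strings.Contains(p, "/../") {
		return nil, errors.New("client_id: userinfo, fragment or dot segment")
	}
	// IP-literal hosts are refused except the two loopback addresses.
	if ip := net.ParseIP(u.Hostname()); ip != nil && ip.String() != "127.0.0.1" && ip.String() != "::1" {
		return nil, errors.New("client_id: non-loopback IP host")
	}
	return u, nil
}

// ValidateAuthRequest runs before any login or consent page; published is the client's own redirect list.
func ValidateAuthRequest(q url.Values, published []string) error {
	// Insisting on PKCE S256 is this example's choice; it refuses legacy clients.
	if q.Get("response_type") != "code" || q.Get("code_challenge") == "" || q.Get("code_challenge_method") != "S256" {
		return errors.New("request: need response_type=code and an S256 code_challenge")
	}
	cid, err := checkClientID(q.Get("client_id"))
	if err != nil {
		return err
	}
	ru, err := url.Parse(q.Get("redirect_uri"))
	ok := err == nil && ru.Scheme == cid.Scheme && ru.Host == cid.Host // same scheme, host and port
	for _, p := range published {
		ok = ok || p == q.Get("redirect_uri")
	}
	if !ok {
		return errors.New("redirect_uri: differs from client_id origin and is not published")
	}
	return nil
}

func main() {
	fmt.Println(ValidateAuthRequest(url.Values{"response_type": {"code"}}, nil)) // constructed request without PKCE: rejected
}
```

Rejecting a redirect_uri that is neither same-origin with the client_id nor published by the client keeps the authorization code from being delivered to a site the user never saw named on the consent page.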