ClassicPress Petitions
This is a read-only archive. Post or comment on the live version of this page on our forums.

Add IndieAuth as built-in auth

October 20, 2018 · 16:10 · David Shanske

IndieAuth is a layer on top of OAuth2. It eliminates the need for client registration by making your client ID your URL. This solves the issue WordPress had with this.

Daniele Scasciafratte

I think it is not a good idea to integrate an external service into the core, because the project is open source and we will be bound to that.
At this point it is better to implement one-time passwords as 2FA, which will not bind to a service or client software, like Facebook, GitHub, and Firefox do.
This plugin supports that, as an example.

David Shanske

Daniele, I think you are misunderstanding this. IndieAuth is an OAuth2 identity layer that I am proposing would be built into Core and would not depend on an external service. The IndieAuth plugin I linked to, which I am a contributor to, implements an authorization and a token endpoint using the REST API, so inside the site itself. The only login you'd use to allow an application to get a token is your WordPress login.

WordPress proposed using a more traditional OAuth2 implementation that requires client registration, and the team there had the idea of running that through a service. The IndieAuth variant could run exclusively inside a WordPress install (the plugin does this already).
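
Editor's added example (not part of the thread, and not code from the IndieAuth plugin): with no client registration table, the site's own authorization endpoint has to vet the `client_id` URL and the `redirect_uri` on every request. The sketch below follows the client identifier rules in the IndieAuth specification; the function names and the `published_redirects` parameter (the redirect URLs the client itself publishes, fetched elsewhere) are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

LOOPBACK = {"127.0.0.1", "::1"}  # the only IP-literal hosts a client_id may use

def client_id_problem(client_id):
    """Return None if client_id is an acceptable client URL, else the reason."""
    try:
        u = urlsplit(client_id)
        u.port  # accessing .port raises ValueError on a malformed port
    except ValueError:
        return "not a parseable URL"
    if u.scheme not in ("http", "https"):
        return "scheme must be http or https"
    if not u.hostname:
        return "missing host"
    if u.username is not None or u.password is not None:
        return "userinfo not allowed"
    if "#" in client_id:
        return "fragment not allowed"
    if not u.path:
        return "path required (at least '/')"
    if any(seg in (".", "..") for seg in u.path.split("/")):
        return "dot segments not allowed"
    try:
        ipaddress.ip_address(u.hostname)
    except ValueError:
        return None  # host is a domain name, not an IP literal
    return None if u.hostname in LOOPBACK else "IP hosts other than loopback not allowed"

def origin(url):
    """(scheme, host, port) with default ports filled in; None if unparseable."""
    try:
        u = urlsplit(url)
        return (u.scheme, u.hostname, u.port or {"http": 80, "https": 443}.get(u.scheme))
    except ValueError:
        return None

def check_authorization_request(client_id, redirect_uri, published_redirects=()):
    """Decide whether the endpoint may send the user back to redirect_uri."""
    problem = client_id_problem(client_id)
    if problem:
        return "reject: client_id " + problem
    if origin(redirect_uri) == origin(client_id):
        return "accept: same origin as client_id"
    if redirect_uri in published_redirects:  # exact match against the client's own list
        return "accept: published by client"
    return "reject: redirect_uri not same origin and not published by client"

if __name__ == "__main__":  # constructed sample request
    print(check_authorization_request("https://app.example.com/", "https://app.example.com/callback"))
```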

Daniele Scasciafratte

Thanks for the clarification, I was thinking that was a service for OAuth2 like many others :-)

David Shanske

I think developers want a way for their applications to get authenticated access to the REST API. That seems to be a constant demand. But few want the overhead or responsibility for third-party servers. This would bake all of that in.

James Nylen

I think this is definitely worth exploring.

Greg McVerry

Hey Daniele! I should have figured I'd find you here. I hope all is well!

IndieAuth is an awesome OAuth2 solution using REST API.

If our goal is a stable system using open APIs, it makes sense.