Consider adding indieauth tags #97

Open
opened 6 months ago by wiktor · 5 comments
wiktor commented 6 months ago

Hi,

Consider adding a couple of IndieAuth tags to each server-generated profile page:

<link rel="openid.delegate" href="https://keyoxide.org/" />
<link rel="openid.server" href="https://openid.indieauth.com/openid" />
<link rel="pgpkey" href="https://keys.openpgp.org/vks/v1/by-fingerprint/<fingerprint>">

This, coupled with rel=me tags that are already present (e.g. Twitter, GitHub) would allow people to log-in to OpenID connected sites using their keyoxide profile URLs! This includes all WordPress blog comments and possibly more...

See: https://indieauth.com/openid and https://indieauth.com/pgp

I got the idea from: https://anarchism.space/@matty/106275175614477123

Hi, Consider adding a couple of IndieAuth tags to each server-generated profile page: ``` <link rel="openid.delegate" href="https://keyoxide.org/" /> <link rel="openid.server" href="https://openid.indieauth.com/openid" /> <link rel="pgpkey" href="https://keys.openpgp.org/vks/v1/by-fingerprint/<fingerprint>"> ``` This, coupled with `rel=me` tags that are already present (e.g. Twitter, GitHub) would allow people to log-in to OpenID connected sites using their keyoxide profile URLs! This includes all WordPress blog comments and possibly more... See: https://indieauth.com/openid and https://indieauth.com/pgp I got the idea from: https://anarchism.space/@matty/106275175614477123
Owner

That is neat!!! Very cool! Sounds simple enough, let's see if we can get the community involved for the implementation 😃

That is neat!!! Very cool! Sounds simple enough, let's see if we can get the community involved for the implementation 😃
yarmo added the
enhancement
low hanging fruit
labels 6 months ago
yarmo added this to the Feature development project 6 months ago

@wiktor This is awesome idea, what sites suport OpenID login ?

@wiktor This is awesome idea, what sites suport OpenID login ?
Poster

Hi @yisraeldov, back in the day I was commenting a random blog and put my profile URL (that has these tags) in the "webpage" field and apparently it was Wordpress and it did the OpenID dance to authenticate my comment:

https://blogs.gentoo.org/mgorny/2019/01/29/identity-with-openpgp-trust-model/#comments

So maybe wordpress blogs do that?

Apparently people were thinking about using Keybase as a SSO server: https://anarchism.space/@matty/106275175614477123

And this feature would allow just that in a decentralized manner :)

Hi @yisraeldov, back in the day I was commenting a random blog and put my profile URL (that has these tags) in the "webpage" field and apparently it was Wordpress and it did the OpenID dance to authenticate my comment: https://blogs.gentoo.org/mgorny/2019/01/29/identity-with-openpgp-trust-model/#comments So maybe wordpress blogs do that? Apparently people were thinking about using Keybase as a SSO server: https://anarchism.space/@matty/106275175614477123 And this feature would allow just that in a decentralized manner :)

Adding to @yisraeldov 's question: My understanding is right that this addition would only work for sites that explicitly support logins via IndieAuth, correct?

Adding to @yisraeldov 's question: My understanding is right that this addition would only work for sites that explicitly support logins via IndieAuth, correct?
Poster

This would work for sites that support OpenID login not just IndieAuth. IndieAuth proxies PGP logins being an OpenID identity provider. As for sites that support it for example WordPress blog comments can use that. See for example comments here: https://blogs.gentoo.org/mgorny/2019/01/29/identity-with-openpgp-trust-model/

This would work for sites that support OpenID login not just IndieAuth. IndieAuth proxies PGP logins being an OpenID identity provider. As for sites that support it for example WordPress blog comments can use that. See for example comments here: https://blogs.gentoo.org/mgorny/2019/01/29/identity-with-openpgp-trust-model/
Sign in to join this conversation.
No Milestone
No Assignees
4 Participants
Notifications
Due Date

No due date set.

Dependencies

This issue currently doesn't have any dependencies.

Loading…
There is no content yet.