home.social

#indieauth — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #indieauth, aggregated by home.social.

  1. One thing I really like about ATProto/Atmosphere is the concept of a PDS, or Personal Data Server, storing all your account data.

    The other day someone announced bookhive.buzz, basically ATProto take on bookwyrm.social, but unlike Bookwyrm, which requires you to create a separate account, Bookhive lets you log in with your PDS, most commonly your Bluesky account.

    That's actually pretty neat.

    And we could have something similar with Federated Credential Management (FedCM).

    developer.mozilla.org/en-US/do

    Here's a GitHub issue requesting this for Mastodon:

    github.com/mastodon/mastodon/i

    #fediverse #mastodon #FedCM #indieauth #SocialMedia #ATProto #PDS

  2. One thing I really like about ATProto/Atmosphere is the concept of a PDS, or Personal Data Server, storing all your account data.

    The other day someone announced bookhive.buzz, basically ATProto take on bookwyrm.social, but unlike Bookwyrm, which requires you to create a separate account, Bookhive lets you log in with your PDS, most commonly your Bluesky account.

    That's actually pretty neat.

    And we could have something similar with Federated Credential Management (FedCM).

    developer.mozilla.org/en-US/do

    Here's a GitHub issue requesting this for Mastodon:

    github.com/mastodon/mastodon/i

    #fediverse #mastodon #FedCM #indieauth #SocialMedia #ATProto #PDS

  3. One thing I really like about ATProto/Atmosphere is the concept of a PDS, or Personal Data Server, storing all your account data.

    The other day someone announced bookhive.buzz, basically ATProto take on bookwyrm.social, but unlike Bookwyrm, which requires you to create a separate account, Bookhive lets you log in with your PDS, most commonly your Bluesky account.

    That's actually pretty neat.

    And we could have something similar with Federated Credential Management (FedCM).

    developer.mozilla.org/en-US/do

    Here's a GitHub issue requesting this for Mastodon:

    github.com/mastodon/mastodon/i

    #fediverse #mastodon #FedCM #indieauth #SocialMedia #ATProto #PDS

  4. One thing I really like about ATProto/Atmosphere is the concept of a PDS, or Personal Data Server, storing all your account data.

    The other day someone announced bookhive.buzz, basically ATProto take on bookwyrm.social, but unlike Bookwyrm, which requires you to create a separate account, Bookhive lets you log in with your PDS, most commonly your Bluesky account.

    That's actually pretty neat.

    And we could have something similar with Federated Credential Management (FedCM).

    developer.mozilla.org/en-US/do

    Here's a GitHub issue requesting this for Mastodon:

    github.com/mastodon/mastodon/i

    #fediverse #mastodon #FedCM #indieauth #SocialMedia #ATProto #PDS

  5. One thing I really like about ATProto/Atmosphere is the concept of a PDS, or Personal Data Server, storing all your account data.

    The other day someone announced bookhive.buzz, basically ATProto take on bookwyrm.social, but unlike Bookwyrm, which requires you to create a separate account, Bookhive lets you log in with your PDS, most commonly your Bluesky account.

    That's actually pretty neat.

    And we could have something similar with Federated Credential Management (FedCM).

    developer.mozilla.org/en-US/do

    Here's a GitHub issue requesting this for Mastodon:

    github.com/mastodon/mastodon/i

    #fediverse #mastodon #FedCM #indieauth #SocialMedia #ATProto #PDS

  6. CW: indieweb tech: micropub

    I'm making some progress on my micropub endpoint based on the go.hacdias.com/indielib library.

    I can now use my endpoint for IndieAuth, and store posts on the filesystem, in the custom TOML page format I use. I'm having some trouble with the `micropub?q=config` route, and haven't started working on git sync or the media endpoint yet. One step at a time.

    The main issue that's holding me back now, is that it's really hard to test if everything works as intended. I've been testing using Quill and Sparkles via my server now, but it's less than ideal to not be able to test it locally. Any advice would be appreciated 😅

    Also, micropub.rocks doesn't work for me at all, because it doesn't use PCKE apparently.

    But the clients are way easier than how I was updating my site until now, so I have enough motivation to keep at it!

    #micropub #IndieAuth #indieweb

  7. This also made me realise I want to give implementing #micropub and #indieauth for my website another go. It isn't the easiest of protocols, last time I gave up. But I'd love to remove some friction of posting to my site (esp. images). Too bad there isn't a ready made Go project of these protocols, that builds a static site and syncs with Git. I'll try rolling my own again using pkg.go.dev/go.hacdias.com/indi by @hacdias and see if I have better luck this time.

  8. Fixed: IndieAuth login broken for third-party apps

    After adding security headers (Content-Security-Policy) to harden the site, logging in with IndiePass and other IndieAuth clients silently failed — tapping “authorize” did nothing.

    The culprit was form-action ‘self’ in the CSP, which blocked Browsers from following the consent form’s redirect to the client’s callback URL (e.g., indiepass.app/android-callback).

    Changed to form-action ‘self’ https: to allow IndieAuth redirects to any HTTPS callback. Affects all third-party IndieAuth clients (Micropub editors, Microsub readers, etc.), not just IndiePass.

    🔗 https://rmendes.net/notes/2026/02/22/a202f

  9. Finished my December Adventure with an unfinished project, as is tradition. I'm in the process of extracting a standalone IndieAuth client atop the OAuth2 crate. Full adventure log:

    rossabaker.com/series/december

    #DecemberAdventure #IndieAuth #Rust

  10. My December Adventure detoured into an implementation of IndieAuth. I need an authenticated section to process the pending Webmentions before they're made visible to the public. Instead of maintaining my own credentials, I wanted to stay in the IndieWeb spirit and authenticate against my own website and its rel=me links. Success!

    - more on IndieAuth: indieauth.net/
    - ongoing adventure log: rossabaker.com/series/december

    #IndieAuth #Webmentions #IndieWeb #DecemberAdventure

  11. I think I have all the pieces set up and Umbrella is ready to go. It is a simple 11ty starter site that has IndieAuth, Micropub, and Webmentions built in using Netlify functions.

    I've been using all of these pieces on my site for a bit but I wanted to put them all together in one place just in case it could help others start their own site.

  12. If you have your own GitHub profile url as a primary link on your Mastodon/Fediverse profile url and vice versa you can "Log In" with your profile url and use #IndieAuth to RSVP for this event. And of course you can use your own domain with that. #IndieWeb RSVP-ing is optional, as stated. We'll be around, webmastering.

  13. I'm slowly getting the hang of IndieWeb building blocks. Today I set up IndieAuth on my server using selfauth! Now I can authenticate myself as "moule.world" on any website that supports IndieAuth, including Owncast livestream chats!

    How to setup selfauth: indieweb.org/selfauth

    My next plan: making an "announcements" section of my website, which will use microformats2, support webmentions, hopefully Fediverse reactions and comments, and of course good ol' RSS.

    #IndieAuth #IndieWeb #SelfAuth

  14. I’ve spent some time over the past week working on a proof-of-concept integration of Micropub into Django.

    I don’t have anything functional to show for it, but I have a much better understanding of IndieAuth, Micropub, and writing decoupled Django apps.

    orangegnome.com/posts/3338/exp

    #Django #WebDevelopment #Indieweb #Indieauth #Micropub

  15. @neil Probably not. I see no effect from setting an "external account". (But then, I could hardly find the "logout" button.)

    (Un)relatedly, does #Discourse support #IndieAuth? Seems not: meta.discourse.org/t/indieauth

  16. When I wrote that post, my blog was SSG generated by Pollen (which is ultimately running on the #Racket runtime). That was a great system and it served me well for years, but it had its shortcomings and eventually I decided to replace it with something simpler. I went with a dynamic #Lua site.

    The new system is good old CGI based scripts written in #Lua using a #SQLite file as source of truth. About 1169 lines for the whole CMS including my #IndieAuth #Micropub and my #MetaWeblog endpoint.

  17. When I wrote that post, my blog was SSG generated by Pollen (which is ultimately running on the #Racket runtime). That was a great system and it served me well for years, but it had its shortcomings and eventually I decided to replace it with something simpler. I went with a dynamic #Lua site.

    The new system is good old CGI based scripts written in #Lua using a #SQLite file as source of truth. About 1169 lines for the whole CMS including my #IndieAuth #Micropub and my #MetaWeblog endpoint.

  18. When I wrote that post, my blog was SSG generated by Pollen (which is ultimately running on the #Racket runtime). That was a great system and it served me well for years, but it had its shortcomings and eventually I decided to replace it with something simpler. I went with a dynamic #Lua site.

    The new system is good old CGI based scripts written in #Lua using a #SQLite file as source of truth. About 1169 lines for the whole CMS including my #IndieAuth #Micropub and my #MetaWeblog endpoint.

  19. When I wrote that post, my blog was SSG generated by Pollen (which is ultimately running on the #Racket runtime). That was a great system and it served me well for years, but it had its shortcomings and eventually I decided to replace it with something simpler. I went with a dynamic #Lua site.

    The new system is good old CGI based scripts written in #Lua using a #SQLite file as source of truth. About 1169 lines for the whole CMS including my #IndieAuth #Micropub and my #MetaWeblog endpoint.

  20. When I wrote that post, my blog was SSG generated by Pollen (which is ultimately running on the #Racket runtime). That was a great system and it served me well for years, but it had its shortcomings and eventually I decided to replace it with something simpler. I went with a dynamic #Lua site.

    The new system is good old CGI based scripts written in #Lua using a #SQLite file as source of truth. About 1169 lines for the whole CMS including my #IndieAuth #Micropub and my #MetaWeblog endpoint.

  21. The team @micro.blog have done it again.

    They soft-launched https://micro.one yesterday¹.

    This may be the most accessible onramp to the open social web ever.

    Cost: $1 a month. Yes you read correctly.

    This is the simplest and cheapest (where you are the customer, not the product) way to own your identity and content online².

    Stop posting in someone else’s garage³.

    Time to export your Twitter, and migrate your Mastodon handle to your own home on the web.

    Of course you can bring your own domain name. Additionally:
    * blog posts, naturally, both articles and microblogging notes
    * photos
    * podcasting
    * custom themes
    * web-clients and native mobile posting clients
    * WordPress, Tumblr, Mastodon, Medium import
    More details (and alternatives) at https://micro.one/about/pricing

    And yes, it interoperates with the open #socialWeb, including:
    * #ActivityPub support, #Mastodon and #fediverse compatibility
    * #IndieAuth to sign-in to third-party apps
    * #microformats support in all built-in themes
    * #Webmention for sending and receiving replies across websites
    * #Micropub standard posting API, supporting dozens of clients
    * #Microsub standard timeline API, supporting social readers
    More #indieweb support details at https://micro.one/about/indieweb

    Did I mention the the superb micro.blog (and micro.one) Community Guidelines?
    * https://help.micro.blog/t/community-guidelines/39

    Well done @manton.org and team.

    This is post 6 of #100PostsOfIndieWeb. #100Posts #ownYourIdentity #ownYourData #openSocialWeb

    https://tantek.com/2025/003/t1/lastfm-year-in-review-playback24
    https://tantek.com/2025/012/t1/eight-years-webmention


    Glossary

    IndieAuth
      https://indieweb.org/IndieAuth
    microformats
      https://microformats.org/wiki/microformats
    Micropub
      https://indieweb.org/Micropub
    Microsub
      https://indieweb.org/Microsub
    Webmention
      https://indieweb.org/Webmention

    References

    ¹ https://www.manton.org/2025/01/03/microone-was-effectively-a-softlaunch.html
    ² https://tantek.com/2025/001/t1/15-years-notes-my-site-first
    ³ https://tantek.com/2023/022/t2/own-your-notes-domain-migration

  22. The team @micro.blog have done it again.

    They soft-launched https://micro.one yesterday¹.

    This may be the most accessible onramp to the open social web ever.

    Cost: $1 a month. Yes you read correctly.

    This is the simplest and cheapest (where you are the customer, not the product) way to own your identity and content online².

    Stop posting in someone else’s garage³.

    Time to export your Twitter, and migrate your Mastodon handle to your own home on the web.

    Of course you can bring your own domain name. Additionally:
    * blog posts, naturally, both articles and microblogging notes
    * photos
    * podcasting
    * custom themes
    * web-clients and native mobile posting clients
    * WordPress, Tumblr, Mastodon, Medium import
    More details (and alternatives) at https://micro.one/about/pricing

    And yes, it interoperates with the open #socialWeb, including:
    * #ActivityPub support, #Mastodon and #fediverse compatibility
    * #IndieAuth to sign-in to third-party apps
    * #microformats support in all built-in themes
    * #Webmention for sending and receiving replies across websites
    * #Micropub standard posting API, supporting dozens of clients
    * #Microsub standard timeline API, supporting social readers
    More #indieweb support details at https://micro.one/about/indieweb

    Did I mention the the superb micro.blog (and micro.one) Community Guidelines?
    * https://help.micro.blog/t/community-guidelines/39

    Well done @manton.org and team.

    This is post 6 of #100PostsOfIndieWeb. #100Posts #ownYourIdentity #ownYourData #openSocialWeb

    https://tantek.com/2025/003/t1/lastfm-year-in-review-playback24
    https://tantek.com/2025/012/t1/eight-years-webmention


    Glossary

    IndieAuth
      https://indieweb.org/IndieAuth
    microformats
      https://microformats.org/wiki/microformats
    Micropub
      https://indieweb.org/Micropub
    Microsub
      https://indieweb.org/Microsub
    Webmention
      https://indieweb.org/Webmention

    References

    ¹ https://www.manton.org/2025/01/03/microone-was-effectively-a-softlaunch.html
    ² https://tantek.com/2025/001/t1/15-years-notes-my-site-first
    ³ https://tantek.com/2023/022/t2/own-your-notes-domain-migration

  23. The team @micro.blog have done it again.

    They soft-launched https://micro.one yesterday¹.

    This may be the most accessible onramp to the open social web ever.

    Cost: $1 a month. Yes you read correctly.

    This is the simplest and cheapest (where you are the customer, not the product) way to own your identity and content online².

    Stop posting in someone else’s garage³.

    Time to export your Twitter, and migrate your Mastodon handle to your own home on the web.

    Of course you can bring your own domain name. Additionally:
    * blog posts, naturally, both articles and microblogging notes
    * photos
    * podcasting
    * custom themes
    * web-clients and native mobile posting clients
    * WordPress, Tumblr, Mastodon, Medium import
    More details (and alternatives) at https://micro.one/about/pricing

    And yes, it interoperates with the open #socialWeb, including:
    * #ActivityPub support, #Mastodon and #fediverse compatibility
    * #IndieAuth to sign-in to third-party apps
    * #microformats support in all built-in themes
    * #Webmention for sending and receiving replies across websites
    * #Micropub standard posting API, supporting dozens of clients
    * #Microsub standard timeline API, supporting social readers
    More #indieweb support details at https://micro.one/about/indieweb

    Did I mention the the superb micro.blog (and micro.one) Community Guidelines?
    * https://help.micro.blog/t/community-guidelines/39

    Well done @manton.org and team.

    This is post 6 of #100PostsOfIndieWeb. #100Posts #ownYourIdentity #ownYourData #openSocialWeb

    https://tantek.com/2025/003/t1/lastfm-year-in-review-playback24
    https://tantek.com/2025/012/t1/eight-years-webmention


    Glossary

    IndieAuth
      https://indieweb.org/IndieAuth
    microformats
      https://microformats.org/wiki/microformats
    Micropub
      https://indieweb.org/Micropub
    Microsub
      https://indieweb.org/Microsub
    Webmention
      https://indieweb.org/Webmention

    References

    ¹ https://www.manton.org/2025/01/03/microone-was-effectively-a-softlaunch.html
    ² https://tantek.com/2025/001/t1/15-years-notes-my-site-first
    ³ https://tantek.com/2023/022/t2/own-your-notes-domain-migration

  24. The team @micro.blog have done it again.

    They soft-launched https://micro.one yesterday¹.

    This may be the most accessible onramp to the open social web ever.

    Cost: $1 a month. Yes you read correctly.

    This is the simplest and cheapest (where you are the customer, not the product) way to own your identity and content online².

    Stop posting in someone else’s garage³.

    Time to export your Twitter, and migrate your Mastodon handle to your own home on the web.

    Of course you can bring your own domain name. Additionally:
    * blog posts, naturally, both articles and microblogging notes
    * photos
    * podcasting
    * custom themes
    * web-clients and native mobile posting clients
    * WordPress, Tumblr, Mastodon, Medium import
    More details (and alternatives) at https://micro.one/about/pricing

    And yes, it interoperates with the open #socialWeb, including:
    * #ActivityPub support, #Mastodon and #fediverse compatibility
    * #IndieAuth to sign-in to third-party apps
    * #microformats support in all built-in themes
    * #Webmention for sending and receiving replies across websites
    * #Micropub standard posting API, supporting dozens of clients
    * #Microsub standard timeline API, supporting social readers
    More #indieweb support details at https://micro.one/about/indieweb

    Did I mention the the superb micro.blog (and micro.one) Community Guidelines?
    * https://help.micro.blog/t/community-guidelines/39

    Well done @manton.org and team.

    This is post 6 of #100PostsOfIndieWeb. #100Posts #ownYourIdentity #ownYourData #openSocialWeb

    https://tantek.com/2025/003/t1/lastfm-year-in-review-playback24
    https://tantek.com/2025/012/t1/eight-years-webmention


    Glossary

    IndieAuth
      https://indieweb.org/IndieAuth
    microformats
      https://microformats.org/wiki/microformats
    Micropub
      https://indieweb.org/Micropub
    Microsub
      https://indieweb.org/Microsub
    Webmention
      https://indieweb.org/Webmention

    References

    ¹ https://www.manton.org/2025/01/03/microone-was-effectively-a-softlaunch.html
    ² https://tantek.com/2025/001/t1/15-years-notes-my-site-first
    ³ https://tantek.com/2023/022/t2/own-your-notes-domain-migration

  25. The team @micro.blog have done it again.

    They soft-launched https://micro.one yesterday¹.

    This may be the most accessible onramp to the open social web ever.

    Cost: $1 a month. Yes you read correctly.

    This is the simplest and cheapest (where you are the customer, not the product) way to own your identity and content online².

    Stop posting in someone else’s garage³.

    Time to export your Twitter, and migrate your Mastodon handle to your own home on the web.

    Of course you can bring your own domain name. Additionally:
    * blog posts, naturally, both articles and microblogging notes
    * photos
    * podcasting
    * custom themes
    * web-clients and native mobile posting clients
    * WordPress, Tumblr, Mastodon, Medium import
    More details (and alternatives) at https://micro.one/about/pricing

    And yes, it interoperates with the open #socialWeb, including:
    * #ActivityPub support, #Mastodon and #fediverse compatibility
    * #IndieAuth to sign-in to third-party apps
    * #microformats support in all built-in themes
    * #Webmention for sending and receiving replies across websites
    * #Micropub standard posting API, supporting dozens of clients
    * #Microsub standard timeline API, supporting social readers
    More #indieweb support details at https://micro.one/about/indieweb

    Did I mention the the superb micro.blog (and micro.one) Community Guidelines?
    * https://help.micro.blog/t/community-guidelines/39

    Well done @manton.org and team.

    This is post 6 of #100PostsOfIndieWeb. #100Posts #ownYourIdentity #ownYourData #openSocialWeb

    https://tantek.com/2025/003/t1/lastfm-year-in-review-playback24
    https://tantek.com/2025/012/t1/eight-years-webmention


    Glossary

    IndieAuth
      https://indieweb.org/IndieAuth
    microformats
      https://microformats.org/wiki/microformats
    Micropub
      https://indieweb.org/Micropub
    Microsub
      https://indieweb.org/Microsub
    Webmention
      https://indieweb.org/Webmention

    References

    ¹ https://www.manton.org/2025/01/03/microone-was-effectively-a-softlaunch.html
    ² https://tantek.com/2025/001/t1/15-years-notes-my-site-first
    ³ https://tantek.com/2023/022/t2/own-your-notes-domain-migration

  26. ⚠️ .io domain¹ likely being phased-out² — seven suggested steps

    Good article in The Verge summarizing recent .io related events, see that for more context if this is news to you:
    * https://www.theverge.com/2024/10/8/24265441/uk-treaty-end-io-domain-chagos-islands

    It looks likely .io (and .io domains) will go away in the next few years (as .cs and .yu did³), so here are my suggested steps to take depending on your usage of .io domains:

    1. Avoid buying new .io domains (or making plans with existing ones; sell if you can)
    2. If you currently run a .io service (for a company or community), make and publicize a transition plan (like a new domain, redirection, orderly shutdown plan for redirects)
    3. If you have a personal site on a .io domain or subdomain, make your own transition plan, and perhaps post about how others should link to your posts
    4. If you are using someone else’s .io domain to publish (like #GitHubPages), make a transition plan to publish elsewhere and leave a forwarding note and link behind
    5. If you use a .io domain as your Web sign-in login on any sites, switch them to another non-io personal domain
    6. Similarly if your site accepts #WebSignIn logins (via #IndieAuth, #RelMeAuth, or even #OpenID), consider discouraging any new sign-ups from .io domains, and warning any existing users with .io domains to switch per # 5
    7. If you have posts (or a whole #indieweb site) with links to .io sites or pages (like those in 2-4 above), make a plan for editing those links to point to an alternative or an archival copy (like on the Internet Archive)

    And of course, post about your #dotIO plans.

    Glossary

    Domain
     https://indieweb.org/domain
    IndieAuth
     https://indieweb.org/IndieAuth
    Internet Archive
     https://web.archive.org/
    OpenID
     https://indieweb.org/OpenID
    Redirect
     https://indieweb.org/redirect
    RelMeAuth
     https://indieweb.org/RelMeAuth
    Web sign-in
     https://indieweb.org/Web_sign-in


    References:

    ¹ https://indieweb.org/.io
    ² https://en.wikipedia.org/wiki/.io#Phasing_Out
    ³ https://en.wikipedia.org/wiki/.cs
    E.g. https://indieweb.org/webmention.io or https://indieweb.org/granary.io
    E.g. https://indieweb.org/werd.io
    https://indieweb.org/github.io


    This is post 25 of #100PostsOfIndieWeb. #100Posts

    https://tantek.com/2024/283/t1/metaphors-constructive-cooperative-joyful
    https://tantek.com/2024/287/t1/fediverse-unfollow-bridgyfed-bug

  27. ⚠️ .io domain¹ likely being phased-out² — seven suggested steps

    Good article in The Verge summarizing recent .io related events, see that for more context if this is news to you:
    * https://www.theverge.com/2024/10/8/24265441/uk-treaty-end-io-domain-chagos-islands

    It looks likely .io (and .io domains) will go away in the next few years (as .cs and .yu did³), so here are my suggested steps to take depending on your usage of .io domains:

    1. Avoid buying new .io domains (or making plans with existing ones; sell if you can)
    2. If you currently run a .io service (for a company or community), make and publicize a transition plan (like a new domain, redirection, orderly shutdown plan for redirects)
    3. If you have a personal site on a .io domain or subdomain, make your own transition plan, and perhaps post about how others should link to your posts
    4. If you are using someone else’s .io domain to publish (like #GitHubPages), make a transition plan to publish elsewhere and leave a forwarding note and link behind
    5. If you use a .io domain as your Web sign-in login on any sites, switch them to another non-io personal domain
    6. Similarly if your site accepts #WebSignIn logins (via #IndieAuth, #RelMeAuth, or even #OpenID), consider discouraging any new sign-ups from .io domains, and warning any existing users with .io domains to switch per # 5
    7. If you have posts (or a whole #indieweb site) with links to .io sites or pages (like those in 2-4 above), make a plan for editing those links to point to an alternative or an archival copy (like on the Internet Archive)

    And of course, post about your #dotIO plans.

    Glossary

    Domain
     https://indieweb.org/domain
    IndieAuth
     https://indieweb.org/IndieAuth
    Internet Archive
     https://web.archive.org/
    OpenID
     https://indieweb.org/OpenID
    Redirect
     https://indieweb.org/redirect
    RelMeAuth
     https://indieweb.org/RelMeAuth
    Web sign-in
     https://indieweb.org/Web_sign-in


    References:

    ¹ https://indieweb.org/.io
    ² https://en.wikipedia.org/wiki/.io#Phasing_Out
    ³ https://en.wikipedia.org/wiki/.cs
    E.g. https://indieweb.org/webmention.io or https://indieweb.org/granary.io
    E.g. https://indieweb.org/werd.io
    https://indieweb.org/github.io


    This is post 25 of #100PostsOfIndieWeb. #100Posts

    https://tantek.com/2024/283/t1/metaphors-constructive-cooperative-joyful
    https://tantek.com/2024/287/t1/fediverse-unfollow-bridgyfed-bug

  28. ⚠️ .io domain¹ likely being phased-out² — seven suggested steps

    Good article in The Verge summarizing recent .io related events, see that for more context if this is news to you:
    * https://www.theverge.com/2024/10/8/24265441/uk-treaty-end-io-domain-chagos-islands

    It looks likely .io (and .io domains) will go away in the next few years (as .cs and .yu did³), so here are my suggested steps to take depending on your usage of .io domains:

    1. Avoid buying new .io domains (or making plans with existing ones; sell if you can)
    2. If you currently run a .io service (for a company or community), make and publicize a transition plan (like a new domain, redirection, orderly shutdown plan for redirects)
    3. If you have a personal site on a .io domain or subdomain, make your own transition plan, and perhaps post about how others should link to your posts
    4. If you are using someone else’s .io domain to publish (like #GitHubPages), make a transition plan to publish elsewhere and leave a forwarding note and link behind
    5. If you use a .io domain as your Web sign-in login on any sites, switch them to another non-io personal domain
    6. Similarly if your site accepts #WebSignIn logins (via #IndieAuth, #RelMeAuth, or even #OpenID), consider discouraging any new sign-ups from .io domains, and warning any existing users with .io domains to switch per # 5
    7. If you have posts (or a whole #indieweb site) with links to .io sites or pages (like those in 2-4 above), make a plan for editing those links to point to an alternative or an archival copy (like on the Internet Archive)

    And of course, post about your #dotIO plans.

    Glossary

    Domain
     https://indieweb.org/domain
    IndieAuth
     https://indieweb.org/IndieAuth
    Internet Archive
     https://web.archive.org/
    OpenID
     https://indieweb.org/OpenID
    Redirect
     https://indieweb.org/redirect
    RelMeAuth
     https://indieweb.org/RelMeAuth
    Web sign-in
     https://indieweb.org/Web_sign-in


    References:

    ¹ https://indieweb.org/.io
    ² https://en.wikipedia.org/wiki/.io#Phasing_Out
    ³ https://en.wikipedia.org/wiki/.cs
    E.g. https://indieweb.org/webmention.io or https://indieweb.org/granary.io
    E.g. https://indieweb.org/werd.io
    https://indieweb.org/github.io


    This is post 25 of #100PostsOfIndieWeb. #100Posts

    https://tantek.com/2024/283/t1/metaphors-constructive-cooperative-joyful
    https://tantek.com/2024/287/t1/fediverse-unfollow-bridgyfed-bug

  29. ⚠️ .io domain¹ likely being phased-out² — seven suggested steps

    Good article in The Verge summarizing recent .io related events, see that for more context if this is news to you:
    * https://www.theverge.com/2024/10/8/24265441/uk-treaty-end-io-domain-chagos-islands

    It looks likely .io (and .io domains) will go away in the next few years (as .cs and .yu did³), so here are my suggested steps to take depending on your usage of .io domains:

    1. Avoid buying new .io domains (or making plans with existing ones; sell if you can)
    2. If you currently run a .io service (for a company or community), make and publicize a transition plan (like a new domain, redirection, orderly shutdown plan for redirects)
    3. If you have a personal site on a .io domain or subdomain, make your own transition plan, and perhaps post about how others should link to your posts
    4. If you are using someone else’s .io domain to publish (like #GitHubPages), make a transition plan to publish elsewhere and leave a forwarding note and link behind
    5. If you use a .io domain as your Web sign-in login on any sites, switch them to another non-io personal domain
    6. Similarly if your site accepts #WebSignIn logins (via #IndieAuth, #RelMeAuth, or even #OpenID), consider discouraging any new sign-ups from .io domains, and warning any existing users with .io domains to switch per # 5
    7. If you have posts (or a whole #indieweb site) with links to .io sites or pages (like those in 2-4 above), make a plan for editing those links to point to an alternative or an archival copy (like on the Internet Archive)

    And of course, post about your #dotIO plans.

    Glossary

    Domain
     https://indieweb.org/domain
    IndieAuth
     https://indieweb.org/IndieAuth
    Internet Archive
     https://web.archive.org/
    OpenID
     https://indieweb.org/OpenID
    Redirect
     https://indieweb.org/redirect
    RelMeAuth
     https://indieweb.org/RelMeAuth
    Web sign-in
     https://indieweb.org/Web_sign-in


    References:

    ¹ https://indieweb.org/.io
    ² https://en.wikipedia.org/wiki/.io#Phasing_Out
    ³ https://en.wikipedia.org/wiki/.cs
    E.g. https://indieweb.org/webmention.io or https://indieweb.org/granary.io
    E.g. https://indieweb.org/werd.io
    https://indieweb.org/github.io


    This is post 25 of #100PostsOfIndieWeb. #100Posts

    https://tantek.com/2024/283/t1/metaphors-constructive-cooperative-joyful
    https://tantek.com/2024/287/t1/fediverse-unfollow-bridgyfed-bug

  30. ⚠️ .io domain¹ likely being phased-out² — seven suggested steps

    Good article in The Verge summarizing recent .io related events, see that for more context if this is news to you:
    * https://www.theverge.com/2024/10/8/24265441/uk-treaty-end-io-domain-chagos-islands

    It looks likely .io (and .io domains) will go away in the next few years (as .cs and .yu did³), so here are my suggested steps to take depending on your usage of .io domains:

    1. Avoid buying new .io domains (or making plans with existing ones; sell if you can)
    2. If you currently run a .io service (for a company or community), make and publicize a transition plan (like a new domain, redirection, orderly shutdown plan for redirects)
    3. If you have a personal site on a .io domain or subdomain, make your own transition plan, and perhaps post about how others should link to your posts
    4. If you are using someone else’s .io domain to publish (like #GitHubPages), make a transition plan to publish elsewhere and leave a forwarding note and link behind
    5. If you use a .io domain as your Web sign-in login on any sites, switch them to another non-io personal domain
    6. Similarly if your site accepts #WebSignIn logins (via #IndieAuth, #RelMeAuth, or even #OpenID), consider discouraging any new sign-ups from .io domains, and warning any existing users with .io domains to switch per # 5
    7. If you have posts (or a whole #indieweb site) with links to .io sites or pages (like those in 2-4 above), make a plan for editing those links to point to an alternative or an archival copy (like on the Internet Archive)

    And of course, post about your #dotIO plans.

    Glossary

    Domain
     https://indieweb.org/domain
    IndieAuth
     https://indieweb.org/IndieAuth
    Internet Archive
     https://web.archive.org/
    OpenID
     https://indieweb.org/OpenID
    Redirect
     https://indieweb.org/redirect
    RelMeAuth
     https://indieweb.org/RelMeAuth
    Web sign-in
     https://indieweb.org/Web_sign-in


    References:

    ¹ https://indieweb.org/.io
    ² https://en.wikipedia.org/wiki/.io#Phasing_Out
    ³ https://en.wikipedia.org/wiki/.cs
    E.g. https://indieweb.org/webmention.io or https://indieweb.org/granary.io
    E.g. https://indieweb.org/werd.io
    https://indieweb.org/github.io


    This is post 25 of #100PostsOfIndieWeb. #100Posts

    https://tantek.com/2024/283/t1/metaphors-constructive-cooperative-joyful
    https://tantek.com/2024/287/t1/fediverse-unfollow-bridgyfed-bug

  31. @lil5 Not quite *password* less, as I originally expected. This step is impossible for me to go through because #Firefox on #PC and #Android can't into this protocol. But if it works for others, than that's good. 👍🏻

    I once used to use generating and exploiting simple magic links before I moved to #IndieAuth: github.com/jaredthirsk/PwdLess

  32. Indie social sign-in could go mainstream
    blog.erlend.sh/indie-social-si
    submitted by erlend_sh to fediverse3 points | 0 commentshttps://blog.erlend.sh/indie-social-sign-in-could-go-mainstreamBack in June I wrote about an exciting confluence of digital auth tech:
    (1) The commodification of #OIDC infrastructure, (2) the emergence of #FedCM, (3) and the compatibility of both with #indieauth .
    In short, it is now easier than ever to log into web applications using

  33. Indie social sign-in could go mainstream
    blog.erlend.sh/indie-social-si
    submitted by erlend_sh to fediverse3 points | 0 commentshttps://blog.erlend.sh/indie-social-sign-in-could-go-mainstreamBack in June I wrote about an exciting confluence of digital auth tech:
    (1) The commodification of #OIDC infrastructure, (2) the emergence of #FedCM, (3) and the compatibility of both with #indieauth .
    In short, it is now easier than ever to log into web applications using

  34. Indie social sign-in could go mainstream
    blog.erlend.sh/indie-social-si
    submitted by erlend_sh to fediverse3 points | 0 commentshttps://blog.erlend.sh/indie-social-sign-in-could-go-mainstreamBack in June I wrote about an exciting confluence of digital auth tech:
    (1) The commodification of #OIDC infrastructure, (2) the emergence of #FedCM, (3) and the compatibility of both with #indieauth .
    In short, it is now easier than ever to log into web applications using

  35. Back in June I wrote about an exciting confluence of digital auth tech:

    (1) The commodification of #OIDC infrastructure, (2) the emergence of #FedCM, (3) and the compatibility of both with #indieauth .

    In short, it is now easier than ever to log into web applications using your own website as an identity provider. Or at least, it would be, if your favorite web apps supported these agency-enhancing technologies.

    blog.erlend.sh/indie-social-si

    #opensource #indieweb #identity

  36. Back in June I wrote about an exciting confluence of digital auth tech:

    (1) The commodification of #OIDC infrastructure, (2) the emergence of #FedCM, (3) and the compatibility of both with #indieauth .

    In short, it is now easier than ever to log into web applications using your own website as an identity provider. Or at least, it would be, if your favorite web apps supported these agency-enhancing technologies.

    blog.erlend.sh/indie-social-si

    #opensource #indieweb #identity

  37. Back in June I wrote about an exciting confluence of digital auth tech:

    (1) The commodification of #OIDC infrastructure, (2) the emergence of #FedCM, (3) and the compatibility of both with #indieauth .

    In short, it is now easier than ever to log into web applications using your own website as an identity provider. Or at least, it would be, if your favorite web apps supported these agency-enhancing technologies.

    blog.erlend.sh/indie-social-si

    #opensource #indieweb #identity

  38. Back in June I wrote about an exciting confluence of digital auth tech:

    (1) The commodification of #OIDC infrastructure, (2) the emergence of #FedCM, (3) and the compatibility of both with #indieauth .

    In short, it is now easier than ever to log into web applications using your own website as an identity provider. Or at least, it would be, if your favorite web apps supported these agency-enhancing technologies.

    blog.erlend.sh/indie-social-si

    #opensource #indieweb #identity

  39. Back in June I wrote about an exciting confluence of digital auth tech:

    (1) The commodification of #OIDC infrastructure, (2) the emergence of #FedCM, (3) and the compatibility of both with #indieauth .

    In short, it is now easier than ever to log into web applications using your own website as an identity provider. Or at least, it would be, if your favorite web apps supported these agency-enhancing technologies.

    blog.erlend.sh/indie-social-si

    #opensource #indieweb #identity

  40. Anyone interested in single sign-on / #SSO? Want a new toy to play with? I've been experimenting with it recently, and now I've got something to share: an experimental demo of how a "Sign in with the Fediverse" mechanism might work.

    If you have a Mastodon or Hubzilla account, or an IndieAuth-style self-hosted identity, I'd like to invite you to try and sign in to my test site at login.mythik.co.uk.

    Headline features:
    • User authentication/authorization based on the Ory tools.
    • Supports signing in using an existing Fediverse (or other) account - or one you host yourself
    • Open source - well, not yet, but it could be, if people are interested in it
    • Written by a non-expert! Woefully insecure! All manner of attacks, just waiting to be found! Invite your security expert friends to the party, and laugh together at the n00b! Fun for all the family!

    Supported identity providers include:

    (There's a chance Streams might work, too.)

    Protocols supported:

    If you can get it to work - share a screenshot and let me know what you think!

    (I'll try to keep this running for a while, but I can't guarantee it - partly because I haven't finished trying to attack it yet. If I have to take it down for some reason, I'll edit this post to say so.)
  41. Anyone interested in single sign-on / #SSO? Want a new toy to play with? I've been experimenting with it recently, and now I've got something to share: an experimental demo of how a "Sign in with the Fediverse" mechanism might work.

    If you have a Mastodon or Hubzilla account, or an IndieAuth-style self-hosted identity, I'd like to invite you to try and sign in to my test site at login.mythik.co.uk.

    Headline features:
    • User authentication/authorization based on the Ory tools.
    • Supports signing in using an existing Fediverse (or other) account - or one you host yourself
    • Open source - well, not yet, but it could be, if people are interested in it
    • Written by a non-expert! Woefully insecure! All manner of attacks, just waiting to be found! Invite your security expert friends to the party, and laugh together at the n00b! Fun for all the family!

    Supported identity providers include:

    (There's a chance Streams might work, too.)

    Protocols supported:

    If you can get it to work - share a screenshot and let me know what you think!

    (I'll try to keep this running for a while, but I can't guarantee it - partly because I haven't finished trying to attack it yet. If I have to take it down for some reason, I'll edit this post to say so.)
  42. Anyone interested in single sign-on / #SSO? Want a new toy to play with? I've been experimenting with it recently, and now I've got something to share: an experimental demo of how a "Sign in with the Fediverse" mechanism might work.

    If you have a Mastodon or Hubzilla account, or an IndieAuth-style self-hosted identity, I'd like to invite you to try and sign in to my test site at login.mythik.co.uk.

    Headline features:
    • User authentication/authorization based on the Ory tools.
    • Supports signing in using an existing Fediverse (or other) account - or one you host yourself
    • Open source - well, not yet, but it could be, if people are interested in it
    • Written by a non-expert! Woefully insecure! All manner of attacks, just waiting to be found! Invite your security expert friends to the party, and laugh together at the n00b! Fun for all the family!

    Supported identity providers include:

    (There's a chance Streams might work, too.)

    Protocols supported:

    If you can get it to work - share a screenshot and let me know what you think!

    (I'll try to keep this running for a while, but I can't guarantee it - partly because I haven't finished trying to attack it yet. If I have to take it down for some reason, I'll edit this post to say so.)
  43. In den letzten Tagen habe ich noch ein wenig hin und her probiert. Ich habe das Activitypub- und das Friends-Plugin aktiviert. Dadurch bin ich jetzt im Fediverse auch unter marc@Marc.hannebrook.info erreichbar.

    Durch Friends kann ich dort anderen Accounts folgen und auch mit deren Beiträgen interagieren. Damit habe ich vielleicht das, im vorherigen Beitrag erwähnte, „Friendica-Problem“ indirekt gelöst. Ich würde dann einfach nicht mehr mit dem Friendica-Account interagieren, sondern mit diesem. Die nächsten Tage werden zeigen, wie praktikabel das ist.

    Überhaupt stellt sich die Frage, warum ich mit der Installation des ActivityPub-Plugins noch den Friendica- und den Mastodon-Account betreiben sollte, da diese Seite jetzt direkt mit dem Fediverse verbunden ist. Auch hier wird die Praxis in den nächsten Tagen (hoffentlich) Erkenntnisse hervorbringen.

    Ich habe diese WordPress-Installation dann noch vom Webspace bei all-inkl auf meinen VPS übertragen, weil ich hoffte, dass das Login auf indieweb.org durch IndieAuth dann funktioniert  – bislang Fehlanzeige. Aber dafür kann ich jetzt per Friends auf Beiträge im Fediverse antworten. Das hat auf meinem Webspace vorher nicht funktioniert. Und das Teilen der Beiträge auf Mastodon und Bluesky funktioniert jetzt ohne vorherige Speicherung des jeweiligen Beitrages.

    https://marc.hannebrook.info/blog/2024/06/21/weitere-einstellungen/

    #Fediverse #Friendica #IndieAuth #Indieweb #Mastodon #Wordpress

  44. @aaronpk

    ☝🏻 Apologies for the tag-in, but you might be the only person I know on here who has any ideas on my post above.

    #IndieAuth #RelMeAuth

  45. @aaronpk

    ☝🏻 Apologies for the tag-in, but you might be the only person I know on here who has any ideas on my post above.

    #IndieAuth #RelMeAuth

  46. In an #IndieAuth flow, what are some authorization endpoint strategies (besides #RelMeAuth) for attesting that a person "owns" the domain they're authenticating with?

    Some ideas in decreasing order of complexity: TXT DNS record, an HTTP header, a `<link>` element of some kind…

    indieauth.spec.indieweb.org
    microformats.org/wiki/RelMeAut

  47. In an #IndieAuth flow, what are some authorization endpoint strategies (besides #RelMeAuth) for attesting that a person "owns" the domain they're authenticating with?

    Some ideas in decreasing order of complexity: TXT DNS record, an HTTP header, a `<link>` element of some kind…

    indieauth.spec.indieweb.org
    microformats.org/wiki/RelMeAut

  48. Well this is moving quickly! You can now spin up FedCM on your own website and log in to https://webmention.io thanks to this open source project from Sam Goto! This is so much better than having to type out your website or even email address when logging in! Full instructions here:

    https://github.com/fedidcg/FedCM/issues/240#issuecomment-2118606184