#indieauth — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #indieauth, aggregated by home.social.
-
One thing I really like about ATProto/Atmosphere is the concept of a PDS, or Personal Data Server, storing all your account data.
The other day someone announced https://bookhive.buzz, basically ATProto take on https://bookwyrm.social, but unlike Bookwyrm, which requires you to create a separate account, Bookhive lets you log in with your PDS, most commonly your Bluesky account.
That's actually pretty neat.
And we could have something similar with Federated Credential Management (FedCM).
https://developer.mozilla.org/en-US/docs/Web/API/FedCM_API
Here's a GitHub issue requesting this for Mastodon:
https://github.com/mastodon/mastodon/issues/4800
#fediverse #mastodon #FedCM #indieauth #SocialMedia #ATProto #PDS
-
One thing I really like about ATProto/Atmosphere is the concept of a PDS, or Personal Data Server, storing all your account data.
The other day someone announced https://bookhive.buzz, basically ATProto take on https://bookwyrm.social, but unlike Bookwyrm, which requires you to create a separate account, Bookhive lets you log in with your PDS, most commonly your Bluesky account.
That's actually pretty neat.
And we could have something similar with Federated Credential Management (FedCM).
https://developer.mozilla.org/en-US/docs/Web/API/FedCM_API
Here's a GitHub issue requesting this for Mastodon:
https://github.com/mastodon/mastodon/issues/4800
#fediverse #mastodon #FedCM #indieauth #SocialMedia #ATProto #PDS
-
One thing I really like about ATProto/Atmosphere is the concept of a PDS, or Personal Data Server, storing all your account data.
The other day someone announced https://bookhive.buzz, basically ATProto take on https://bookwyrm.social, but unlike Bookwyrm, which requires you to create a separate account, Bookhive lets you log in with your PDS, most commonly your Bluesky account.
That's actually pretty neat.
And we could have something similar with Federated Credential Management (FedCM).
https://developer.mozilla.org/en-US/docs/Web/API/FedCM_API
Here's a GitHub issue requesting this for Mastodon:
https://github.com/mastodon/mastodon/issues/4800
#fediverse #mastodon #FedCM #indieauth #SocialMedia #ATProto #PDS
-
One thing I really like about ATProto/Atmosphere is the concept of a PDS, or Personal Data Server, storing all your account data.
The other day someone announced https://bookhive.buzz, basically ATProto take on https://bookwyrm.social, but unlike Bookwyrm, which requires you to create a separate account, Bookhive lets you log in with your PDS, most commonly your Bluesky account.
That's actually pretty neat.
And we could have something similar with Federated Credential Management (FedCM).
https://developer.mozilla.org/en-US/docs/Web/API/FedCM_API
Here's a GitHub issue requesting this for Mastodon:
https://github.com/mastodon/mastodon/issues/4800
#fediverse #mastodon #FedCM #indieauth #SocialMedia #ATProto #PDS
-
One thing I really like about ATProto/Atmosphere is the concept of a PDS, or Personal Data Server, storing all your account data.
The other day someone announced https://bookhive.buzz, basically ATProto take on https://bookwyrm.social, but unlike Bookwyrm, which requires you to create a separate account, Bookhive lets you log in with your PDS, most commonly your Bluesky account.
That's actually pretty neat.
And we could have something similar with Federated Credential Management (FedCM).
https://developer.mozilla.org/en-US/docs/Web/API/FedCM_API
Here's a GitHub issue requesting this for Mastodon:
https://github.com/mastodon/mastodon/issues/4800
#fediverse #mastodon #FedCM #indieauth #SocialMedia #ATProto #PDS
-
CW: indieweb tech: micropub
I'm making some progress on my micropub endpoint based on the https://go.hacdias.com/indielib library.
I can now use my endpoint for IndieAuth, and store posts on the filesystem, in the custom TOML page format I use. I'm having some trouble with the `micropub?q=config` route, and haven't started working on git sync or the media endpoint yet. One step at a time.
The main issue that's holding me back now, is that it's really hard to test if everything works as intended. I've been testing using Quill and Sparkles via my server now, but it's less than ideal to not be able to test it locally. Any advice would be appreciated 😅
Also, https://micropub.rocks doesn't work for me at all, because it doesn't use PCKE apparently.
But the clients are way easier than how I was updating my site until now, so I have enough motivation to keep at it!
-
This also made me realise I want to give implementing #micropub and #indieauth for my website another go. It isn't the easiest of protocols, last time I gave up. But I'd love to remove some friction of posting to my site (esp. images). Too bad there isn't a ready made Go project of these protocols, that builds a static site and syncs with Git. I'll try rolling my own again using https://pkg.go.dev/go.hacdias.com/indielib by @hacdias and see if I have better luck this time.
-
Fixed: IndieAuth login broken for third-party apps
After adding security headers (Content-Security-Policy) to harden the site, logging in with IndiePass and other IndieAuth clients silently failed — tapping “authorize” did nothing.
The culprit was form-action ‘self’ in the CSP, which blocked Browsers from following the consent form’s redirect to the client’s callback URL (e.g., indiepass.app/android-callback).
Changed to form-action ‘self’ https: to allow IndieAuth redirects to any HTTPS callback. Affects all third-party IndieAuth clients (Micropub editors, Microsub readers, etc.), not just IndiePass.
-
Building an IndieAuth Comment System for Your Static Site | 🔗 https://brennan.day/building-an-indieauth-comment-system-for-your-static-site/
#indieweb #eleventy #netlify #javascript #indieauth #tutorial
-
Finished my December Adventure with an unfinished project, as is tradition. I'm in the process of extracting a standalone IndieAuth client atop the OAuth2 crate. Full adventure log:
-
My December Adventure detoured into an implementation of IndieAuth. I need an authenticated section to process the pending Webmentions before they're made visible to the public. Instead of maintaining my own credentials, I wanted to stay in the IndieWeb spirit and authenticate against my own website and its rel=me links. Success!
- more on IndieAuth: https://indieauth.net/
- ongoing adventure log: https://rossabaker.com/series/december-adventure-2025/ -
CVE Alert: CVE-2025-12028 - indieweb - IndieAuth - https://www.redpacketsecurity.com/cve-alert-cve-2025-12028-indieweb-indieauth/
#OSINT #ThreatIntel #CyberSecurity #cve-2025-12028 #indieweb #indieauth
-
I think I have all the pieces set up and Umbrella is ready to go. It is a simple 11ty starter site that has IndieAuth, Micropub, and Webmentions built in using Netlify functions.
I've been using all of these pieces on my site for a bit but I wanted to put them all together in one place just in case it could help others start their own site.
-
If you have your own GitHub profile url as a primary link on your Mastodon/Fediverse profile url and vice versa you can "Log In" with your profile url and use #IndieAuth to RSVP for this event. And of course you can use your own domain with that. #IndieWeb RSVP-ing is optional, as stated. We'll be around, webmastering.
-
I'm slowly getting the hang of IndieWeb building blocks. Today I set up IndieAuth on my server using selfauth! Now I can authenticate myself as "moule.world" on any website that supports IndieAuth, including Owncast livestream chats!
How to setup selfauth: https://indieweb.org/selfauth
My next plan: making an "announcements" section of my website, which will use microformats2, support webmentions, hopefully Fediverse reactions and comments, and of course good ol' RSS.
-
I’ve spent some time over the past week working on a proof-of-concept integration of Micropub into Django.
I don’t have anything functional to show for it, but I have a much better understanding of IndieAuth, Micropub, and writing decoupled Django apps.
https://orangegnome.com/posts/3338/exploring-indieauth-but-i-started-with-micropub
-
@neil Probably not. I see no effect from setting an "external account". (But then, I could hardly find the "logout" button.)
(Un)relatedly, does #Discourse support #IndieAuth? Seems not: https://meta.discourse.org/t/indieauth-login/48182
-
When I wrote that post, my blog was SSG generated by Pollen (which is ultimately running on the #Racket runtime). That was a great system and it served me well for years, but it had its shortcomings and eventually I decided to replace it with something simpler. I went with a dynamic #Lua site.
The new system is good old CGI based scripts written in #Lua using a #SQLite file as source of truth. About 1169 lines for the whole CMS including my #IndieAuth #Micropub and my #MetaWeblog endpoint.
-
When I wrote that post, my blog was SSG generated by Pollen (which is ultimately running on the #Racket runtime). That was a great system and it served me well for years, but it had its shortcomings and eventually I decided to replace it with something simpler. I went with a dynamic #Lua site.
The new system is good old CGI based scripts written in #Lua using a #SQLite file as source of truth. About 1169 lines for the whole CMS including my #IndieAuth #Micropub and my #MetaWeblog endpoint.
-
When I wrote that post, my blog was SSG generated by Pollen (which is ultimately running on the #Racket runtime). That was a great system and it served me well for years, but it had its shortcomings and eventually I decided to replace it with something simpler. I went with a dynamic #Lua site.
The new system is good old CGI based scripts written in #Lua using a #SQLite file as source of truth. About 1169 lines for the whole CMS including my #IndieAuth #Micropub and my #MetaWeblog endpoint.
-
When I wrote that post, my blog was SSG generated by Pollen (which is ultimately running on the #Racket runtime). That was a great system and it served me well for years, but it had its shortcomings and eventually I decided to replace it with something simpler. I went with a dynamic #Lua site.
The new system is good old CGI based scripts written in #Lua using a #SQLite file as source of truth. About 1169 lines for the whole CMS including my #IndieAuth #Micropub and my #MetaWeblog endpoint.
-
When I wrote that post, my blog was SSG generated by Pollen (which is ultimately running on the #Racket runtime). That was a great system and it served me well for years, but it had its shortcomings and eventually I decided to replace it with something simpler. I went with a dynamic #Lua site.
The new system is good old CGI based scripts written in #Lua using a #SQLite file as source of truth. About 1169 lines for the whole CMS including my #IndieAuth #Micropub and my #MetaWeblog endpoint.
-
The team @micro.blog have done it again.
They soft-launched https://micro.one yesterday¹.
This may be the most accessible onramp to the open social web ever.
Cost: $1 a month. Yes you read correctly.
This is the simplest and cheapest (where you are the customer, not the product) way to own your identity and content online².
Stop posting in someone else’s garage³.
Time to export your Twitter, and migrate your Mastodon handle to your own home on the web.
Of course you can bring your own domain name. Additionally:
* blog posts, naturally, both articles and microblogging notes
* photos
* podcasting
* custom themes
* web-clients and native mobile posting clients
* WordPress, Tumblr, Mastodon, Medium import
More details (and alternatives) at https://micro.one/about/pricing
And yes, it interoperates with the open #socialWeb, including:
* #ActivityPub support, #Mastodon and #fediverse compatibility
* #IndieAuth to sign-in to third-party apps
* #microformats support in all built-in themes
* #Webmention for sending and receiving replies across websites
* #Micropub standard posting API, supporting dozens of clients
* #Microsub standard timeline API, supporting social readers
More #indieweb support details at https://micro.one/about/indieweb
Did I mention the the superb micro.blog (and micro.one) Community Guidelines?
* https://help.micro.blog/t/community-guidelines/39
Well done @manton.org and team.
This is post 6 of #100PostsOfIndieWeb. #100Posts #ownYourIdentity #ownYourData #openSocialWeb
← https://tantek.com/2025/003/t1/lastfm-year-in-review-playback24
→ https://tantek.com/2025/012/t1/eight-years-webmention
Glossary
IndieAuth
https://indieweb.org/IndieAuth
microformats
https://microformats.org/wiki/microformats
Micropub
https://indieweb.org/Micropub
Microsub
https://indieweb.org/Microsub
Webmention
https://indieweb.org/Webmention
References
¹ https://www.manton.org/2025/01/03/microone-was-effectively-a-softlaunch.html
² https://tantek.com/2025/001/t1/15-years-notes-my-site-first
³ https://tantek.com/2023/022/t2/own-your-notes-domain-migration -
The team @micro.blog have done it again.
They soft-launched https://micro.one yesterday¹.
This may be the most accessible onramp to the open social web ever.
Cost: $1 a month. Yes you read correctly.
This is the simplest and cheapest (where you are the customer, not the product) way to own your identity and content online².
Stop posting in someone else’s garage³.
Time to export your Twitter, and migrate your Mastodon handle to your own home on the web.
Of course you can bring your own domain name. Additionally:
* blog posts, naturally, both articles and microblogging notes
* photos
* podcasting
* custom themes
* web-clients and native mobile posting clients
* WordPress, Tumblr, Mastodon, Medium import
More details (and alternatives) at https://micro.one/about/pricing
And yes, it interoperates with the open #socialWeb, including:
* #ActivityPub support, #Mastodon and #fediverse compatibility
* #IndieAuth to sign-in to third-party apps
* #microformats support in all built-in themes
* #Webmention for sending and receiving replies across websites
* #Micropub standard posting API, supporting dozens of clients
* #Microsub standard timeline API, supporting social readers
More #indieweb support details at https://micro.one/about/indieweb
Did I mention the the superb micro.blog (and micro.one) Community Guidelines?
* https://help.micro.blog/t/community-guidelines/39
Well done @manton.org and team.
This is post 6 of #100PostsOfIndieWeb. #100Posts #ownYourIdentity #ownYourData #openSocialWeb
← https://tantek.com/2025/003/t1/lastfm-year-in-review-playback24
→ https://tantek.com/2025/012/t1/eight-years-webmention
Glossary
IndieAuth
https://indieweb.org/IndieAuth
microformats
https://microformats.org/wiki/microformats
Micropub
https://indieweb.org/Micropub
Microsub
https://indieweb.org/Microsub
Webmention
https://indieweb.org/Webmention
References
¹ https://www.manton.org/2025/01/03/microone-was-effectively-a-softlaunch.html
² https://tantek.com/2025/001/t1/15-years-notes-my-site-first
³ https://tantek.com/2023/022/t2/own-your-notes-domain-migration -
The team @micro.blog have done it again.
They soft-launched https://micro.one yesterday¹.
This may be the most accessible onramp to the open social web ever.
Cost: $1 a month. Yes you read correctly.
This is the simplest and cheapest (where you are the customer, not the product) way to own your identity and content online².
Stop posting in someone else’s garage³.
Time to export your Twitter, and migrate your Mastodon handle to your own home on the web.
Of course you can bring your own domain name. Additionally:
* blog posts, naturally, both articles and microblogging notes
* photos
* podcasting
* custom themes
* web-clients and native mobile posting clients
* WordPress, Tumblr, Mastodon, Medium import
More details (and alternatives) at https://micro.one/about/pricing
And yes, it interoperates with the open #socialWeb, including:
* #ActivityPub support, #Mastodon and #fediverse compatibility
* #IndieAuth to sign-in to third-party apps
* #microformats support in all built-in themes
* #Webmention for sending and receiving replies across websites
* #Micropub standard posting API, supporting dozens of clients
* #Microsub standard timeline API, supporting social readers
More #indieweb support details at https://micro.one/about/indieweb
Did I mention the the superb micro.blog (and micro.one) Community Guidelines?
* https://help.micro.blog/t/community-guidelines/39
Well done @manton.org and team.
This is post 6 of #100PostsOfIndieWeb. #100Posts #ownYourIdentity #ownYourData #openSocialWeb
← https://tantek.com/2025/003/t1/lastfm-year-in-review-playback24
→ https://tantek.com/2025/012/t1/eight-years-webmention
Glossary
IndieAuth
https://indieweb.org/IndieAuth
microformats
https://microformats.org/wiki/microformats
Micropub
https://indieweb.org/Micropub
Microsub
https://indieweb.org/Microsub
Webmention
https://indieweb.org/Webmention
References
¹ https://www.manton.org/2025/01/03/microone-was-effectively-a-softlaunch.html
² https://tantek.com/2025/001/t1/15-years-notes-my-site-first
³ https://tantek.com/2023/022/t2/own-your-notes-domain-migration -
The team @micro.blog have done it again.
They soft-launched https://micro.one yesterday¹.
This may be the most accessible onramp to the open social web ever.
Cost: $1 a month. Yes you read correctly.
This is the simplest and cheapest (where you are the customer, not the product) way to own your identity and content online².
Stop posting in someone else’s garage³.
Time to export your Twitter, and migrate your Mastodon handle to your own home on the web.
Of course you can bring your own domain name. Additionally:
* blog posts, naturally, both articles and microblogging notes
* photos
* podcasting
* custom themes
* web-clients and native mobile posting clients
* WordPress, Tumblr, Mastodon, Medium import
More details (and alternatives) at https://micro.one/about/pricing
And yes, it interoperates with the open #socialWeb, including:
* #ActivityPub support, #Mastodon and #fediverse compatibility
* #IndieAuth to sign-in to third-party apps
* #microformats support in all built-in themes
* #Webmention for sending and receiving replies across websites
* #Micropub standard posting API, supporting dozens of clients
* #Microsub standard timeline API, supporting social readers
More #indieweb support details at https://micro.one/about/indieweb
Did I mention the the superb micro.blog (and micro.one) Community Guidelines?
* https://help.micro.blog/t/community-guidelines/39
Well done @manton.org and team.
This is post 6 of #100PostsOfIndieWeb. #100Posts #ownYourIdentity #ownYourData #openSocialWeb
← https://tantek.com/2025/003/t1/lastfm-year-in-review-playback24
→ https://tantek.com/2025/012/t1/eight-years-webmention
Glossary
IndieAuth
https://indieweb.org/IndieAuth
microformats
https://microformats.org/wiki/microformats
Micropub
https://indieweb.org/Micropub
Microsub
https://indieweb.org/Microsub
Webmention
https://indieweb.org/Webmention
References
¹ https://www.manton.org/2025/01/03/microone-was-effectively-a-softlaunch.html
² https://tantek.com/2025/001/t1/15-years-notes-my-site-first
³ https://tantek.com/2023/022/t2/own-your-notes-domain-migration -
The team @micro.blog have done it again.
They soft-launched https://micro.one yesterday¹.
This may be the most accessible onramp to the open social web ever.
Cost: $1 a month. Yes you read correctly.
This is the simplest and cheapest (where you are the customer, not the product) way to own your identity and content online².
Stop posting in someone else’s garage³.
Time to export your Twitter, and migrate your Mastodon handle to your own home on the web.
Of course you can bring your own domain name. Additionally:
* blog posts, naturally, both articles and microblogging notes
* photos
* podcasting
* custom themes
* web-clients and native mobile posting clients
* WordPress, Tumblr, Mastodon, Medium import
More details (and alternatives) at https://micro.one/about/pricing
And yes, it interoperates with the open #socialWeb, including:
* #ActivityPub support, #Mastodon and #fediverse compatibility
* #IndieAuth to sign-in to third-party apps
* #microformats support in all built-in themes
* #Webmention for sending and receiving replies across websites
* #Micropub standard posting API, supporting dozens of clients
* #Microsub standard timeline API, supporting social readers
More #indieweb support details at https://micro.one/about/indieweb
Did I mention the the superb micro.blog (and micro.one) Community Guidelines?
* https://help.micro.blog/t/community-guidelines/39
Well done @manton.org and team.
This is post 6 of #100PostsOfIndieWeb. #100Posts #ownYourIdentity #ownYourData #openSocialWeb
← https://tantek.com/2025/003/t1/lastfm-year-in-review-playback24
→ https://tantek.com/2025/012/t1/eight-years-webmention
Glossary
IndieAuth
https://indieweb.org/IndieAuth
microformats
https://microformats.org/wiki/microformats
Micropub
https://indieweb.org/Micropub
Microsub
https://indieweb.org/Microsub
Webmention
https://indieweb.org/Webmention
References
¹ https://www.manton.org/2025/01/03/microone-was-effectively-a-softlaunch.html
² https://tantek.com/2025/001/t1/15-years-notes-my-site-first
³ https://tantek.com/2023/022/t2/own-your-notes-domain-migration -
⚠️ .io domain¹ likely being phased-out² — seven suggested steps
Good article in The Verge summarizing recent .io related events, see that for more context if this is news to you:
* https://www.theverge.com/2024/10/8/24265441/uk-treaty-end-io-domain-chagos-islands
It looks likely .io (and .io domains) will go away in the next few years (as .cs and .yu did³), so here are my suggested steps to take depending on your usage of .io domains:
1. Avoid buying new .io domains (or making plans with existing ones; sell if you can)
2. If you currently run a .io service⁴ (for a company or community), make and publicize a transition plan (like a new domain, redirection, orderly shutdown plan for redirects)
3. If you have a personal site on a .io domain⁵ or subdomain, make your own transition plan, and perhaps post about how others should link to your posts
4. If you are using someone else’s .io domain to publish (like #GitHubPages⁶), make a transition plan to publish elsewhere and leave a forwarding note and link behind
5. If you use a .io domain as your Web sign-in login on any sites, switch them to another non-io personal domain
6. Similarly if your site accepts #WebSignIn logins (via #IndieAuth, #RelMeAuth, or even #OpenID), consider discouraging any new sign-ups from .io domains, and warning any existing users with .io domains to switch per # 5
7. If you have posts (or a whole #indieweb site) with links to .io sites or pages (like those in 2-4 above), make a plan for editing those links to point to an alternative or an archival copy (like on the Internet Archive)
And of course, post about your #dotIO plans.
Glossary
Domain
https://indieweb.org/domain
IndieAuth
https://indieweb.org/IndieAuth
Internet Archive
https://web.archive.org/
OpenID
https://indieweb.org/OpenID
Redirect
https://indieweb.org/redirect
RelMeAuth
https://indieweb.org/RelMeAuth
Web sign-in
https://indieweb.org/Web_sign-in
References:
¹ https://indieweb.org/.io
² https://en.wikipedia.org/wiki/.io#Phasing_Out
³ https://en.wikipedia.org/wiki/.cs
⁴ E.g. https://indieweb.org/webmention.io or https://indieweb.org/granary.io
⁵ E.g. https://indieweb.org/werd.io
⁶ https://indieweb.org/github.io
This is post 25 of #100PostsOfIndieWeb. #100Posts
← https://tantek.com/2024/283/t1/metaphors-constructive-cooperative-joyful
→ https://tantek.com/2024/287/t1/fediverse-unfollow-bridgyfed-bug -
⚠️ .io domain¹ likely being phased-out² — seven suggested steps
Good article in The Verge summarizing recent .io related events, see that for more context if this is news to you:
* https://www.theverge.com/2024/10/8/24265441/uk-treaty-end-io-domain-chagos-islands
It looks likely .io (and .io domains) will go away in the next few years (as .cs and .yu did³), so here are my suggested steps to take depending on your usage of .io domains:
1. Avoid buying new .io domains (or making plans with existing ones; sell if you can)
2. If you currently run a .io service⁴ (for a company or community), make and publicize a transition plan (like a new domain, redirection, orderly shutdown plan for redirects)
3. If you have a personal site on a .io domain⁵ or subdomain, make your own transition plan, and perhaps post about how others should link to your posts
4. If you are using someone else’s .io domain to publish (like #GitHubPages⁶), make a transition plan to publish elsewhere and leave a forwarding note and link behind
5. If you use a .io domain as your Web sign-in login on any sites, switch them to another non-io personal domain
6. Similarly if your site accepts #WebSignIn logins (via #IndieAuth, #RelMeAuth, or even #OpenID), consider discouraging any new sign-ups from .io domains, and warning any existing users with .io domains to switch per # 5
7. If you have posts (or a whole #indieweb site) with links to .io sites or pages (like those in 2-4 above), make a plan for editing those links to point to an alternative or an archival copy (like on the Internet Archive)
And of course, post about your #dotIO plans.
Glossary
Domain
https://indieweb.org/domain
IndieAuth
https://indieweb.org/IndieAuth
Internet Archive
https://web.archive.org/
OpenID
https://indieweb.org/OpenID
Redirect
https://indieweb.org/redirect
RelMeAuth
https://indieweb.org/RelMeAuth
Web sign-in
https://indieweb.org/Web_sign-in
References:
¹ https://indieweb.org/.io
² https://en.wikipedia.org/wiki/.io#Phasing_Out
³ https://en.wikipedia.org/wiki/.cs
⁴ E.g. https://indieweb.org/webmention.io or https://indieweb.org/granary.io
⁵ E.g. https://indieweb.org/werd.io
⁶ https://indieweb.org/github.io
This is post 25 of #100PostsOfIndieWeb. #100Posts
← https://tantek.com/2024/283/t1/metaphors-constructive-cooperative-joyful
→ https://tantek.com/2024/287/t1/fediverse-unfollow-bridgyfed-bug -
⚠️ .io domain¹ likely being phased-out² — seven suggested steps
Good article in The Verge summarizing recent .io related events, see that for more context if this is news to you:
* https://www.theverge.com/2024/10/8/24265441/uk-treaty-end-io-domain-chagos-islands
It looks likely .io (and .io domains) will go away in the next few years (as .cs and .yu did³), so here are my suggested steps to take depending on your usage of .io domains:
1. Avoid buying new .io domains (or making plans with existing ones; sell if you can)
2. If you currently run a .io service⁴ (for a company or community), make and publicize a transition plan (like a new domain, redirection, orderly shutdown plan for redirects)
3. If you have a personal site on a .io domain⁵ or subdomain, make your own transition plan, and perhaps post about how others should link to your posts
4. If you are using someone else’s .io domain to publish (like #GitHubPages⁶), make a transition plan to publish elsewhere and leave a forwarding note and link behind
5. If you use a .io domain as your Web sign-in login on any sites, switch them to another non-io personal domain
6. Similarly if your site accepts #WebSignIn logins (via #IndieAuth, #RelMeAuth, or even #OpenID), consider discouraging any new sign-ups from .io domains, and warning any existing users with .io domains to switch per # 5
7. If you have posts (or a whole #indieweb site) with links to .io sites or pages (like those in 2-4 above), make a plan for editing those links to point to an alternative or an archival copy (like on the Internet Archive)
And of course, post about your #dotIO plans.
Glossary
Domain
https://indieweb.org/domain
IndieAuth
https://indieweb.org/IndieAuth
Internet Archive
https://web.archive.org/
OpenID
https://indieweb.org/OpenID
Redirect
https://indieweb.org/redirect
RelMeAuth
https://indieweb.org/RelMeAuth
Web sign-in
https://indieweb.org/Web_sign-in
References:
¹ https://indieweb.org/.io
² https://en.wikipedia.org/wiki/.io#Phasing_Out
³ https://en.wikipedia.org/wiki/.cs
⁴ E.g. https://indieweb.org/webmention.io or https://indieweb.org/granary.io
⁵ E.g. https://indieweb.org/werd.io
⁶ https://indieweb.org/github.io
This is post 25 of #100PostsOfIndieWeb. #100Posts
← https://tantek.com/2024/283/t1/metaphors-constructive-cooperative-joyful
→ https://tantek.com/2024/287/t1/fediverse-unfollow-bridgyfed-bug -
⚠️ .io domain¹ likely being phased-out² — seven suggested steps
Good article in The Verge summarizing recent .io related events, see that for more context if this is news to you:
* https://www.theverge.com/2024/10/8/24265441/uk-treaty-end-io-domain-chagos-islands
It looks likely .io (and .io domains) will go away in the next few years (as .cs and .yu did³), so here are my suggested steps to take depending on your usage of .io domains:
1. Avoid buying new .io domains (or making plans with existing ones; sell if you can)
2. If you currently run a .io service⁴ (for a company or community), make and publicize a transition plan (like a new domain, redirection, orderly shutdown plan for redirects)
3. If you have a personal site on a .io domain⁵ or subdomain, make your own transition plan, and perhaps post about how others should link to your posts
4. If you are using someone else’s .io domain to publish (like #GitHubPages⁶), make a transition plan to publish elsewhere and leave a forwarding note and link behind
5. If you use a .io domain as your Web sign-in login on any sites, switch them to another non-io personal domain
6. Similarly if your site accepts #WebSignIn logins (via #IndieAuth, #RelMeAuth, or even #OpenID), consider discouraging any new sign-ups from .io domains, and warning any existing users with .io domains to switch per # 5
7. If you have posts (or a whole #indieweb site) with links to .io sites or pages (like those in 2-4 above), make a plan for editing those links to point to an alternative or an archival copy (like on the Internet Archive)
And of course, post about your #dotIO plans.
Glossary
Domain
https://indieweb.org/domain
IndieAuth
https://indieweb.org/IndieAuth
Internet Archive
https://web.archive.org/
OpenID
https://indieweb.org/OpenID
Redirect
https://indieweb.org/redirect
RelMeAuth
https://indieweb.org/RelMeAuth
Web sign-in
https://indieweb.org/Web_sign-in
References:
¹ https://indieweb.org/.io
² https://en.wikipedia.org/wiki/.io#Phasing_Out
³ https://en.wikipedia.org/wiki/.cs
⁴ E.g. https://indieweb.org/webmention.io or https://indieweb.org/granary.io
⁵ E.g. https://indieweb.org/werd.io
⁶ https://indieweb.org/github.io
This is post 25 of #100PostsOfIndieWeb. #100Posts
← https://tantek.com/2024/283/t1/metaphors-constructive-cooperative-joyful
→ https://tantek.com/2024/287/t1/fediverse-unfollow-bridgyfed-bug -
⚠️ .io domain¹ likely being phased-out² — seven suggested steps
Good article in The Verge summarizing recent .io related events, see that for more context if this is news to you:
* https://www.theverge.com/2024/10/8/24265441/uk-treaty-end-io-domain-chagos-islands
It looks likely .io (and .io domains) will go away in the next few years (as .cs and .yu did³), so here are my suggested steps to take depending on your usage of .io domains:
1. Avoid buying new .io domains (or making plans with existing ones; sell if you can)
2. If you currently run a .io service⁴ (for a company or community), make and publicize a transition plan (like a new domain, redirection, orderly shutdown plan for redirects)
3. If you have a personal site on a .io domain⁵ or subdomain, make your own transition plan, and perhaps post about how others should link to your posts
4. If you are using someone else’s .io domain to publish (like #GitHubPages⁶), make a transition plan to publish elsewhere and leave a forwarding note and link behind
5. If you use a .io domain as your Web sign-in login on any sites, switch them to another non-io personal domain
6. Similarly if your site accepts #WebSignIn logins (via #IndieAuth, #RelMeAuth, or even #OpenID), consider discouraging any new sign-ups from .io domains, and warning any existing users with .io domains to switch per # 5
7. If you have posts (or a whole #indieweb site) with links to .io sites or pages (like those in 2-4 above), make a plan for editing those links to point to an alternative or an archival copy (like on the Internet Archive)
And of course, post about your #dotIO plans.
Glossary
Domain
https://indieweb.org/domain
IndieAuth
https://indieweb.org/IndieAuth
Internet Archive
https://web.archive.org/
OpenID
https://indieweb.org/OpenID
Redirect
https://indieweb.org/redirect
RelMeAuth
https://indieweb.org/RelMeAuth
Web sign-in
https://indieweb.org/Web_sign-in
References:
¹ https://indieweb.org/.io
² https://en.wikipedia.org/wiki/.io#Phasing_Out
³ https://en.wikipedia.org/wiki/.cs
⁴ E.g. https://indieweb.org/webmention.io or https://indieweb.org/granary.io
⁵ E.g. https://indieweb.org/werd.io
⁶ https://indieweb.org/github.io
This is post 25 of #100PostsOfIndieWeb. #100Posts
← https://tantek.com/2024/283/t1/metaphors-constructive-cooperative-joyful
→ https://tantek.com/2024/287/t1/fediverse-unfollow-bridgyfed-bug -
@lil5 Not quite *password* less, as I originally expected. This step is impossible for me to go through because #Firefox on #PC and #Android can't into this protocol. But if it works for others, than that's good. 👍🏻
I once used to use generating and exploiting simple magic links before I moved to #IndieAuth: https://github.com/jaredthirsk/PwdLess
-
Indie social sign-in could go mainstream
https://blog.erlend.sh/indie-social-sign-in-could-go-mainstream
submitted by erlend_sh to fediverse3 points | 0 commentshttps://blog.erlend.sh/indie-social-sign-in-could-go-mainstreamBack in June I wrote about an exciting confluence of digital auth tech:
(1) The commodification of #OIDC infrastructure, (2) the emergence of #FedCM, (3) and the compatibility of both with #indieauth .
In short, it is now easier than ever to log into web applications using -
Indie social sign-in could go mainstream
https://blog.erlend.sh/indie-social-sign-in-could-go-mainstream
submitted by erlend_sh to fediverse3 points | 0 commentshttps://blog.erlend.sh/indie-social-sign-in-could-go-mainstreamBack in June I wrote about an exciting confluence of digital auth tech:
(1) The commodification of #OIDC infrastructure, (2) the emergence of #FedCM, (3) and the compatibility of both with #indieauth .
In short, it is now easier than ever to log into web applications using -
Indie social sign-in could go mainstream
https://blog.erlend.sh/indie-social-sign-in-could-go-mainstream
submitted by erlend_sh to fediverse3 points | 0 commentshttps://blog.erlend.sh/indie-social-sign-in-could-go-mainstreamBack in June I wrote about an exciting confluence of digital auth tech:
(1) The commodification of #OIDC infrastructure, (2) the emergence of #FedCM, (3) and the compatibility of both with #indieauth .
In short, it is now easier than ever to log into web applications using -
Back in June I wrote about an exciting confluence of digital auth tech:
(1) The commodification of #OIDC infrastructure, (2) the emergence of #FedCM, (3) and the compatibility of both with #indieauth .
In short, it is now easier than ever to log into web applications using your own website as an identity provider. Or at least, it would be, if your favorite web apps supported these agency-enhancing technologies.
https://blog.erlend.sh/indie-social-sign-in-could-go-mainstream
-
Back in June I wrote about an exciting confluence of digital auth tech:
(1) The commodification of #OIDC infrastructure, (2) the emergence of #FedCM, (3) and the compatibility of both with #indieauth .
In short, it is now easier than ever to log into web applications using your own website as an identity provider. Or at least, it would be, if your favorite web apps supported these agency-enhancing technologies.
https://blog.erlend.sh/indie-social-sign-in-could-go-mainstream
-
Back in June I wrote about an exciting confluence of digital auth tech:
(1) The commodification of #OIDC infrastructure, (2) the emergence of #FedCM, (3) and the compatibility of both with #indieauth .
In short, it is now easier than ever to log into web applications using your own website as an identity provider. Or at least, it would be, if your favorite web apps supported these agency-enhancing technologies.
https://blog.erlend.sh/indie-social-sign-in-could-go-mainstream
-
Back in June I wrote about an exciting confluence of digital auth tech:
(1) The commodification of #OIDC infrastructure, (2) the emergence of #FedCM, (3) and the compatibility of both with #indieauth .
In short, it is now easier than ever to log into web applications using your own website as an identity provider. Or at least, it would be, if your favorite web apps supported these agency-enhancing technologies.
https://blog.erlend.sh/indie-social-sign-in-could-go-mainstream
-
Back in June I wrote about an exciting confluence of digital auth tech:
(1) The commodification of #OIDC infrastructure, (2) the emergence of #FedCM, (3) and the compatibility of both with #indieauth .
In short, it is now easier than ever to log into web applications using your own website as an identity provider. Or at least, it would be, if your favorite web apps supported these agency-enhancing technologies.
https://blog.erlend.sh/indie-social-sign-in-could-go-mainstream
-
Anyone interested in single sign-on / #SSO? Want a new toy to play with? I've been experimenting with it recently, and now I've got something to share: an experimental demo of how a "Sign in with the Fediverse" mechanism might work.
If you have a Mastodon or Hubzilla account, or an IndieAuth-style self-hosted identity, I'd like to invite you to try and sign in to my test site at login.mythik.co.uk.
Headline features:- User authentication/authorization based on the Ory tools.
- Supports signing in using an existing Fediverse (or other) account - or one you host yourself
- Open source - well, not yet, but it could be, if people are interested in it
- Written by a non-expert! Woefully insecure! All manner of attacks, just waiting to be found! Invite your security expert friends to the party, and laugh together at the n00b! Fun for all the family!
Supported identity providers include:- Mastodon (must be a recent version that includes this pull request). mastodon.social is known to work.
- Hubzilla (any version). zotum.net is known to work.
- #IndieAuth / #FedCM
- Another instance of itself, using OpenID Connect
(There's a chance Streams might work, too.)
Protocols supported:- #OIDC Discovery
- Client ID Metadata Document
- FedCM for IndieAuth
- #OpenWebAuth
- A method using the Mastodon API
- Classic (non-FedCM) IndieAuth (if you're lucky; I found this very hard to test, and had various problems with it)
- My original experiments used Dynamic Client Registration but I've moved away from this.
If you can get it to work - share a screenshot and let me know what you think!
(I'll try to keep this running for a while, but I can't guarantee it - partly because I haven't finished trying to attack it yet. If I have to take it down for some reason, I'll edit this post to say so.) -
Anyone interested in single sign-on / #SSO? Want a new toy to play with? I've been experimenting with it recently, and now I've got something to share: an experimental demo of how a "Sign in with the Fediverse" mechanism might work.
If you have a Mastodon or Hubzilla account, or an IndieAuth-style self-hosted identity, I'd like to invite you to try and sign in to my test site at login.mythik.co.uk.
Headline features:- User authentication/authorization based on the Ory tools.
- Supports signing in using an existing Fediverse (or other) account - or one you host yourself
- Open source - well, not yet, but it could be, if people are interested in it
- Written by a non-expert! Woefully insecure! All manner of attacks, just waiting to be found! Invite your security expert friends to the party, and laugh together at the n00b! Fun for all the family!
Supported identity providers include:- Mastodon (must be a recent version that includes this pull request). mastodon.social is known to work.
- Hubzilla (any version). zotum.net is known to work.
- #IndieAuth / #FedCM
- Another instance of itself, using OpenID Connect
(There's a chance Streams might work, too.)
Protocols supported:- #OIDC Discovery
- Client ID Metadata Document
- FedCM for IndieAuth
- #OpenWebAuth
- A method using the Mastodon API
- Classic (non-FedCM) IndieAuth (if you're lucky; I found this very hard to test, and had various problems with it)
- My original experiments used Dynamic Client Registration but I've moved away from this.
If you can get it to work - share a screenshot and let me know what you think!
(I'll try to keep this running for a while, but I can't guarantee it - partly because I haven't finished trying to attack it yet. If I have to take it down for some reason, I'll edit this post to say so.) -
Anyone interested in single sign-on / #SSO? Want a new toy to play with? I've been experimenting with it recently, and now I've got something to share: an experimental demo of how a "Sign in with the Fediverse" mechanism might work.
If you have a Mastodon or Hubzilla account, or an IndieAuth-style self-hosted identity, I'd like to invite you to try and sign in to my test site at login.mythik.co.uk.
Headline features:- User authentication/authorization based on the Ory tools.
- Supports signing in using an existing Fediverse (or other) account - or one you host yourself
- Open source - well, not yet, but it could be, if people are interested in it
- Written by a non-expert! Woefully insecure! All manner of attacks, just waiting to be found! Invite your security expert friends to the party, and laugh together at the n00b! Fun for all the family!
Supported identity providers include:- Mastodon (must be a recent version that includes this pull request). mastodon.social is known to work.
- Hubzilla (any version). zotum.net is known to work.
- #IndieAuth / #FedCM
- Another instance of itself, using OpenID Connect
(There's a chance Streams might work, too.)
Protocols supported:- #OIDC Discovery
- Client ID Metadata Document
- FedCM for IndieAuth
- #OpenWebAuth
- A method using the Mastodon API
- Classic (non-FedCM) IndieAuth (if you're lucky; I found this very hard to test, and had various problems with it)
- My original experiments used Dynamic Client Registration but I've moved away from this.
If you can get it to work - share a screenshot and let me know what you think!
(I'll try to keep this running for a while, but I can't guarantee it - partly because I haven't finished trying to attack it yet. If I have to take it down for some reason, I'll edit this post to say so.) -
In den letzten Tagen habe ich noch ein wenig hin und her probiert. Ich habe das Activitypub- und das Friends-Plugin aktiviert. Dadurch bin ich jetzt im Fediverse auch unter marc@Marc.hannebrook.info erreichbar.
Durch Friends kann ich dort anderen Accounts folgen und auch mit deren Beiträgen interagieren. Damit habe ich vielleicht das, im vorherigen Beitrag erwähnte, „Friendica-Problem“ indirekt gelöst. Ich würde dann einfach nicht mehr mit dem Friendica-Account interagieren, sondern mit diesem. Die nächsten Tage werden zeigen, wie praktikabel das ist.
Überhaupt stellt sich die Frage, warum ich mit der Installation des ActivityPub-Plugins noch den Friendica- und den Mastodon-Account betreiben sollte, da diese Seite jetzt direkt mit dem Fediverse verbunden ist. Auch hier wird die Praxis in den nächsten Tagen (hoffentlich) Erkenntnisse hervorbringen.
Ich habe diese WordPress-Installation dann noch vom Webspace bei all-inkl auf meinen VPS übertragen, weil ich hoffte, dass das Login auf indieweb.org durch IndieAuth dann funktioniert – bislang Fehlanzeige. Aber dafür kann ich jetzt per Friends auf Beiträge im Fediverse antworten. Das hat auf meinem Webspace vorher nicht funktioniert. Und das Teilen der Beiträge auf Mastodon und Bluesky funktioniert jetzt ohne vorherige Speicherung des jeweiligen Beitrages.
https://marc.hannebrook.info/blog/2024/06/21/weitere-einstellungen/
#Fediverse #Friendica #IndieAuth #Indieweb #Mastodon #Wordpress
-
☝🏻 Apologies for the tag-in, but you might be the only person I know on here who has any ideas on my post above.
-
☝🏻 Apologies for the tag-in, but you might be the only person I know on here who has any ideas on my post above.
-
In an #IndieAuth flow, what are some authorization endpoint strategies (besides #RelMeAuth) for attesting that a person "owns" the domain they're authenticating with?
Some ideas in decreasing order of complexity: TXT DNS record, an HTTP header, a `<link>` element of some kind…
• https://indieauth.spec.indieweb.org
• https://microformats.org/wiki/RelMeAuth -
In an #IndieAuth flow, what are some authorization endpoint strategies (besides #RelMeAuth) for attesting that a person "owns" the domain they're authenticating with?
Some ideas in decreasing order of complexity: TXT DNS record, an HTTP header, a `<link>` element of some kind…
• https://indieauth.spec.indieweb.org
• https://microformats.org/wiki/RelMeAuth -
Well this is moving quickly! You can now spin up FedCM on your own website and log in to https://webmention.io thanks to this open source project from Sam Goto! This is so much better than having to type out your website or even email address when logging in! Full instructions here:
https://github.com/fedidcg/FedCM/issues/240#issuecomment-2118606184