Replied to OAuth for the Open Web by Aaron PareckiAaron Parecki (Aaron Parecki)

OAuth has become the de facto standard for authorization and authentication on the web. Nearly every company with an API used by third party developers has implemented OAuth to enable people to build apps on top of it.
While OAuth is a great framework for this, the way it has ended up being used is …

IndieAuth, the extension to OAuth 2.0, was developed by Aaron Parecki and implemented by multiple people  in the IndieWeb community, including myself.

The problem has been that people conflated it with the service Aaron created as a reference implementation, which implemented IndieAuth for people who didn’t have it by using the OAuth services of sites like Twitter and Github to bootstrap the service.

Aaron succeeds here in finally conveying a point it took me a long time to understand, and partially only by reading and implementing one of these.

Was pleased to see the founder of Home Assistant, a product I use, tweeting that he would adopt this in that product. Looking forward to seeing what people come up with.

David Shanske

My day job is in training for an airline. I also develop Indieweb WordPress plugins so that others can take control of their online identity.

Leave a Reply

Your email address will not be published. Required fields are marked *