I wanted to put out to any WordPress user for some input. The IndieAuth plugin creates an IndieAuth endpoint inside your WordPress installation. This means that you login to your site and that login generates a token to give Micropub, Microsub, or other clients in order to let them have access to your site.
Alternatively, if you don’t install it, the IndieAuth code inside the other plugins will connect to an external IndieAuth endpoint, defaultly indieauth.com. Indieauth.com, for example, delegates your login to a third-party site(Github, for examplle) on which you have an account that you link to from your website. So all you need is to add a link marked up properly to your site for that.
So, the question is, why would people want an external login to a built-in login? Since it uses the WordPress login system to get your credentials, you could install any number of login enhancements for WordPress that would work seamlessly to accomplish the same goal if you want to log in using a third-party site, for example.
It is definitely more secure for you to use authorization under your own control than delegating it to another site. To try and make my life easier, I would like to make Micropub and Microsub dependent on having the IndieAuth plugin installed.
The only use case presented for allowing an external site was…what if I want to sign into Site A with the credentials of Site B? That would be web sign in. There is functionality for that built into the IndieAuth plugin, but it probably deserves to be its own plugin so you can install it or not as the case may be.
Web sign in presents you with a URL and then, when you ask to log in, searches that URL for an IndieAuth authorization endpoint. If none is available, it would fail back on another technique, such as relmeauth…looking for alternative login providers.
Hoping for some comments on why people might want to maintain the external option.
IndieAuth for WordPress Question by David Shanske
For what it’s worth, I think IndieAuth is reliable enough that supporting external auth is no longer needed. If there are cases where people have trouble getting the IndieAuth plugin to work for them, then a fallback is handy. However I think you’re correct that the added work (and complexibity) of maintaining secondary authorization methods across multiple plugins is not ideal.
As long as there is a visible prompt or other explanation informing users that they must install IndieAuth to user Micropub or Microsub, I’m in favour of removing the fallback.
IndieAuth for WordPress Question by David Shanske
> Thinking about the necessity of maintaining IndieAuth code in the Micropub plugin and now the Yarns Microsub plugin for WordPress. I wanted to put out to any WordPress user for some input. The… jackjamieson.net/?p=5334
IndieAuth plugin is fine for me. I have it installed and active anyway since it’s part of the suggested IndieWeb plugin collection for WordPress. In fact I feel more uneasy with auth functions crammed into other plugins where I don’t even expect them to be. Feels wrong to have such functions all over the place. IndieAuth for WordPress Question by David Shanske David Shanske
Thinking about the necessity of maintaining IndieAuth code in the Micropub plugin and now the Yarns Microsub plugin for WordPress.
I wanted to put out to any WordPress user for some input. The IndieAuth plugin creates an IndieAuth endpoint inside your WordPress installation. This means that you logi…