IndieAuth for WordPress 4.4.0 Released

Version 4.4.0 of the WordPress IndieAuth plugin was released today, and it contains a lot of changes, but very little in terms of noticeable ones.

The biggest changes involve the removal of the already hidden by default Remote IndieAuth code, which allowed you to use a third-party indieauth endpoint. The plugin now only allows you to use the local code.

Why is this? Because the plugin is a full IndieAuth endpoint. If someone truly is interested in using someone else’s endpoint, then I’ve put that code aside if it is needed.

I also reworked a lot of the code based on the newest revision of the IndieAuth specification. I jumped on the revision bandwagon early for the plugin, but I had essentially bolted the new pieces onto the older code. I tried to move things around to integrate it more.

I had missed updating the Web Sign In feature to support the latest revision. Web Sign In is effectively an IndieAuth client. It allows you to log into your WordPress site using IndieAuth instead of a username and password.

So, you put in a URL, authenticate to that URL, and it will log you into your site.  This is what indielogin does, although if there is no IndieAuth endpoint, it falls back on other things and the WordPress version does not..although it could in theory…just not sure what services it would fall back to.

This feature allows things like logging into a multi-user WordPress site with your personal WordPress site by linking the two and being logged in or logging into the personal site.

But this isn’t the end of it, because I have more ideas I’d like to play with for the future.

  • Improve the process for how the system decides that a user is in fact, the same as the logged in user on the other site, possibly by having a list of approved domains that can authenticate?
  • What if Web Sign In could be made the default for logging in?
  • What if the act of trying to log into a WordPress site with your own website created a subscriber level user(a user with no privileges)? That user could then be issued permissions to view non-public information.
  • More with Ticketing…which means more enhancements to allow a logged in user to see specific ‘private’ posts inside and outside of feeds.