OpenWebAuth

This article is a stub. You can help the IndieWeb wiki by expanding it.

OpenWebAuth is the authentication protocol utilized by Hubzilla and (streams); making use of Webfingers, HTTP Signatures and token generation for headless authentication.

Documentation

• Fediverse Proposal: 2025-03-01 FenTiger: FEP-61cf: The OpenWebAuth Protocol (archived)
  • Also available in the FEP repository
  • Tracking ticket
• Specification
  • OpenWebAuth: https://framagit.org/hubzilla/core/-/blob/master/spec/OpenWebAuth/Home.md
  • Magic Auth (Zot protocol): https://hubzilla.org/help/developer/zot_protocol#Magic_Auth

IndieWeb Examples

• Add yourself here… (see this for more details)
• ...

Criticism

• Unclear on where the spec is actually defined
• Uses cryptography in the spec itself rather than keeping cryptography at the transport layer
• Relies on the site you're signing in to to accept the owt query parameter in every page, as opposed to confining the authentication code to a single URL that can redirect to the destination later
• Uses HTTP signatures but doesn't specify how the keys are discoverable, so it is unclear where to read to find that out

See Also

• cryptography
• IndieAuth
• Ticketing_for_IndieAuth