indieauth-for-login
IndieAuth for login is a user flow and protocol for web applications to implement user login via an authorization server. The user chooses an authorization server by linking to it from their home page.
Authentication Flow
- User enters their personal web address in the login form of the web application and clicks "Log in"
- Web application discovers the authorization endpoint by fetching the user's homepage
- Web application redirects the user's browser to the authorization endpoint
- Authorization endpoint verifies the user, e.g. by logging in
- Authorization endpoint redirects the browser back to the web application, including a code
- Web application verifies the code directly with the authorization endpoint
- User is logged into the web application
How to Specify an Authorization Endpoint
Applications will check the URL entered as the identity for a link tag with a rel value of "authorization_endpoint". You can place this code on your home page to delegate to a specific authorization endpoint of your choosing.
<link rel="authorization_endpoint" href="http://indieauth.example.org/">
Authorization Services