selfauth
This article is a stub. You can help the IndieWeb wiki by expanding it.
selfauth is a single user authorization endpoint written as single-file PHP without a database.
If you are looking for a minimal, self-hostable token endpoint, see Mintoken.
Why
- You don't need silo accounts to use Selfauth, so it's IndieAuth without Twitter or Github.
- More privacy: you don't tell silos that you want to login somewhere, only your own server.
- Not vulnerable for social engineering with silo accounts.
How-to
- Download the latest version of selfauth from GitHub: https://github.com/Inklings-io/selfauth/archive/master.zip.
- Upload
index.php
andsetup.php
to any public folder on your website. The rest of this how to assumes a folder calledauth
in the root of your website, reachable onhttps://example.com/auth/
. - Navigate to
setup.php
in your browser, e.g.https://example.com/auth/setup.php
and follow the steps on screen.- It will ask you to provide the URL you want to login with, probably your homepage, and
- a password to identify yourself with.
- Add a link to your homepage so websites you are logging in to can find it. Do this by adding the following to your
<head>
, donβt forget to change thehref
to link to where you uploaded the files!<link rel="authorization_endpoint" href="https://example.com/auth/" />
You are done and can now login to any IndieAuth supporting website with nothing other than your own site!
This How-to was derived from the official README on 2017-08-13. Always check out a projectβs README file to double check for new developments.
IndieWeb Examples
Martijn van der Ven
Martijn van der Ven has been using selfauth to login to Telegraph and this wiki as of 2017-06-23. Important part of his selfdogfood principle.
fluffy
fluffy has been using selfauth since December 2018 for providing IndieAuth login to webmention.io et al, as well as her own website's admin dashboard
Criticism
- It's easier to use rel=me and re-use your existing accounts, with all it's security features.
- However, this criticism is only applicable when using selfauth for authenticating to sites. When authorizing an app such as a Micropub app to let it post to your site, some other software needs to run in order for that to happen: either a self-hosted token endpoint or a service such as IndieAuth.com.