Indieauth is a layer on top of Oauth2. It eliminates the need for client registration by making your client id your URL. This solves the issue WordPress had with this.
Read-only archive : https://petitions.classicpress.net/posts/86/add-indieauth-as-built-in-auth
Author : David Shanske
Vote count : 7
Status : open
Comments
I think that is not the case to integrate an external service in the core because the project is open source and we will bind to that.https://wordpress.org/plugins/2fas-light/ support that as example.
~ posted by Daniele Scasciafratte
Daniele, I think you are misunderstanding this. IndieAuth is an Oauth2 identity layer that I am proposing would be built into Core and would not depend on an external service. The Indieauth plugin I linked to, which I am a contributor to, implements an authorization and a token endpoint using the REST API, so inside the site itself. The only login you’d use to allow an applicaton to get a token is your WordPress login.
WordPress proposed using a more traditional Oauth2 implementation that requires client registration, and the team there had the idea of running that through a wordpress.org service. The IndieAuth variant could run exclusively inside a WordPress install(the plugin does this already).
~ posted by David Shanske
Thanks for the clarification, I was thinking that was a service for Oauth2 like many others
~ posted by Daniele Scasciafratte
I think developers want a way for their applications to get authenticated access to the REST API. That seems to be a constant demand. But few want the overhead or responsibility for third-party servers. This would bake all of that in.
~ posted by David Shanske
Hey Daniele! I should have figured I’d find you here. I hope all is well!
Indieauth is an awesome OAuth2 solution using REST API.
If our goal. Is a stable system using open APIs it makes sense.
~ posted by Greg McVerry
