Indieauth is a layer on top of Oauth2. It eliminates the need for client registration by making your client id your URL. This solves the issue WordPress had with this.
Read-only archive : https://petitions.classicpress.net/posts/86/add-indieauth-as-built-in-auth
Author : David Shanske
Vote count : 7
Status : open
Comments
I think that is not the case to integrate an external service in the core because the project is open source and we will bind to that.
At this point is better implement one time password as 2FA that will not bind to a service or a client software like Facebook, Github, and Firefox do.
This plugin https://wordpress.org/plugins/2fas-light/ support that as example.
~ posted by Daniele Scasciafratte
Daniele, I think you are misunderstanding this. IndieAuth is an Oauth2 identity layer that I am proposing would be built into Core and would not depend on an external service. The Indieauth plugin I linked to, which I am a contributor to, implements an authorization and a token endpoint using the REST API, so inside the site itself. The only login you’d use to allow an applicaton to get a token is your WordPress login.
WordPress proposed using a more traditional Oauth2 implementation that requires client registration, and the team there had the idea of running that through a wordpress.org service. The IndieAuth variant could run exclusively inside a WordPress install(the plugin does this already).
~ posted by David Shanske
Thanks for the clarification, I was thinking that was a service for Oauth2 like many others
~ posted by Daniele Scasciafratte
I think developers want a way for their applications to get authenticated access to the REST API. That seems to be a constant demand. But few want the overhead or responsibility for third-party servers. This would bake all of that in.
~ posted by David Shanske
Hey Daniele! I should have figured I’d find you here. I hope all is well!
Indieauth is an awesome OAuth2 solution using REST API.
If our goal. Is a stable system using open APIs it makes sense.
~ posted by Greg McVerry