1. 19

  2. 4

    Excellent post! I’ve used IndieAuth to authenticate using PGP previously (through OpenID delegation) but unfortunately not many sites support it. Once I put my profile URL in a Wordpress blog comment and was surprised they did ask me to use OpenID to authenticate my post (cool!).

    If there’s enough interest, I might clean both scripts up a bit so you can plop them in a Netlify site and have IndieAuth.

    I’d gladly see the code either cleaned up or as-is (I usually get the idea and re-implement it myself anyway).

    1. 4

      I once (4 years ago it seems) built indiecert.net (now domain squatted) an IndieAuth.com compatible server using X.509 client certificates: https://www.tuxed.net/fkooman/blog/indiecert.html but the lack of adoption (of IndieAuth in general) made me lose interest in it…

      1. 2

        That was my main provider before it folded.

        1. 1

          I used it! Was surprised/annoyed when it stopped working :( It’s even mentioned in the readme to my CA management tool

        2. 2

          Thank you! I posted the code on the page as-is, you’ll just have to tune out the atrocity that is the error handling code.

          1. 2

            No worries, all code is ugly first before it’s refined. I actually did rewrite parts of people’s code here on Lobsters, even got scolded for that :)

        3. 3

          Couple of questions:

          1. Can this be done without vendor lockin of netlify? Let’s say on gitlab or github pages.
          2. Can this be done without JS at all?
          1. 2
            1. Netlify functions are just AWS Lambda functions with some sugar, so this could also be run there, and as far as I can tell it should also work on just about any serverless platform with minor tweaks. For instance, you can use CloudFlare functions with GH Pages with practically the same code.
            2. There is no client-side JS, only server-side, and the server-side is necessary because authentication in this manner inherently requires some sort of server.
          2. 2

            This is awesome, thank you for sharing.

            I’d love to see your code; I don’t think you should even bother cleaning it up - little scripts like this tend to be pretty specific in my experience, and taking yours as an outline rather than a ‘put it in production’ script would still be super helpful!

            1. 1

              Thank you!

              I’ve posted the code on the page - the error handling is especially a mess, but as long as it catches the errors I don’t care how it looks to me.

            2. 1

              I clicked on your website and was startled at how fast it loaded (no cache).

              I think I need to switch to a static site. I moved from Hexo to Wordpress to get IndieWeb features, but this might be better…

              1. 2

                It also helps that on most pages there aren’t any requests after the first (for the HTML) that are required for the page to draw, because the CSS and minimal JS are all embedded in the page, and it’s also served up on a CDN. Though, while writing this comment, I just realized I could get that same benefit but also take advantage of the cache using HTTP/2…

                If you’re interested in moving to a static site, the EleventyOne scaffold is what I used and it has been a great mostly-unopinionated scaffold to start with. Plus, the default CSS is pretty nice looking.