Web sign-in

From IndieWeb


Web sign-in is signing in to websites using your personal web address (without having to use your e-mail address). Web sign-in provides a simpler replacement for OpenID.

Why

Main article: Why web sign-in

Web sign-in is much simpler to use and implement than previous methods of signing in with your own domain like OpenID.

Using your own domain is safer than a 3rd party email service, and simpler than email on your own domain.

See Why web sign-in for more reasons why you should use it.

How to

Details

A site or service that that supports web sign-in provides the following user experience (UX):

  1. sign-in or login link, that when clicked goes to or reveals #2
  2. text field for entering a web address (can be its own page or part of a drop down dialog) that when submitted does #3
  3. verifies the user has control of that domain (e.g. via RelMeAuth, IndieAuth, or by calling a service that does one, both, or more)
  4. visual indication that someone is signed-in
  5. a sign-out or logout link, that when clicked clears out any login state and goes to #1

Web sign-in does not require any specific protocol, though typical web sign-in UX may support one or more of:

And in addition to at least one of those, may direct silo-specific profile URLs (e.g. twitter.com/username) to silo-specific sign-in (e.g. sign-in with Twitter)

See web-sign-in-protocol for a more detailed example of Web sign-in, or https://microformats.org/wiki/web_sign-in.

A web sign-in UX MUST not require Javascript in order to function, though it may use progressive enhancement for a smoother UX.

IndieWeb Examples

Examples of IndieWeb sites that support Web Sign-in:

Sebastiaan Andeweg

Sebastiaan Andeweg supports Web Sign-in on seblog.nl to show

  • private / limited audience posts (via a "/private" new nav item that appears when signed in)
  • signed-in only posts (e.g. checkin posts) on the home page stream (as well as the ability to click and view the permalinks of those posts)
  • when seblog.nl is signed-in in particular:

David Somers

David Somers [omz13] supports it at [toolbox] which requests the users domain name, does some discovery, then primarily initiates IndieAuth login to grant access. If the browser supports JavaScript the UI is slightly smother than when operating in a no JavaScript environment.

Implementations

See https://microformats.org/wiki/relmeauth#open_source_implementations for more.

Articles

See also IndieAuth articles.

See Also