Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
add support for signing in via IndieAuth #34
Currently, it is possibly to sign in to
I want to make it so there isn't a single point of failure and so people can sign in without having a GitHub account, but I don't want to compromise on the user experience.
The following options are not good:
Instead, I plan to resolve this by switching to a URL-based sign in flow, and adding support for signing in via the IndieAuth protocol. IndieAuth is a decentralized identity protocol built on top of OAuth 2.0. Its latest specification is available at https://indieauth.spec.indieweb.org.
To sign in, a user will enter a URL they control. If they want to continue to sign in via GitHub, they can enter a URL like https://github.com/dmitshur:
When entering a github.com user profile URL, GitHub will be used to authenticate as before.
Users will also be able to sign in with any other URL they control that supports IndieAuth, such as https://example.com. This URL can be short and memorable, like one's personal website.
This change is a first step towards implementing support for signing in via IndieAuth on the site. It implements a new sign in flow that is based on URLs. For now, only URLs like "https://github.com/dmitshur" are supported. As a result, there is no functional change; people can still sign in via their GitHub accounts as before. They just need to enter their GitHub profile URL as a first step. Move authentication code into new auth.go file, and remove the legacy ad-hoc sessionsHandler. That handler was created a long time ago, and is now very different from all other handlers. It is quite inflexible. It has now been replaced by more standard handlers. Start keeping track of state in-memory, rather than via cookies. This should be simpler overall. I didn't do this earlier because I hadn't thought of this idea back when implementing the original GitHub-based sign in flow. Updates #34.