Libove Blog

Personal Blog about anything - mostly programming, cooking and random thoughts

Implemented IndieAuth

I just finished implementing IndieAuth, which allows me to login to sites and tools, which support this, using my blog. The main reason I've implemented this is because I want to use Micropub to write and publish. At the moment creating an new entry is a bit cumbersome. It's ok for longer posts but it prevents me from doing things like bookmarks or check ins.

If you want to implement IndieAuth yourself I recommend using the living standard document directly. I've started using the wiki page as reference and later realised that it was outdated (the outdated content has been removed in the meantime). IndieAuth is basically OAuth2 with a few additions and conventions. If you are already familiar with OAuth2 you probably not have many problems implementing this. My (first) implementation can be found in this pull request.

Before I continue with Micropub, I have to do some refactoring as the code is still a bit rough around the edges.

Things I learned while implementing IndieAuth:

  • CSRF does not require server state. You can use the Double Submit Cookie
  • Learned how PKCE works and that it is rather simple.
  • Got a deeper understanding of OAuth2 in general. Previously I always used server and client libraries (as any responsible developer should!)