Authl
A library for managing federated identity
The current Twitter profile uses `https://twitter.com/username#USER_ID` which allows linking to the user's profile and also provides user-ID consistency, preventing the obvious hijacking issue of a user changing their username and...
`itsdangerous` only supports HMAC-style signing of payload data, but really it would be better to use proper encryption so that `tokens.Serializer` is usable on deployments which need PKCE et al...
In case we really want to support Ubuntu Launchpad and LiveJournal. And Dreamwidth, except they're talking about adding IndieAuth support anyway.
Most auth methods involve making an additional HTTP connection back to an external server, and this connection has the potential to time out. It's pretty easy for someone to DoS...
A lot of folks (and IndieWeb guidance) still refer to [RelMeAuth](https://indieweb.org/RelMeAuth). This could be supported in Authl, although it might not be particularly straightforward. Idea for the flow: 1. RelMeAuth...
When authenticating an email address, see if there's an associated avatar via those services, if so configured.
Tumblr is still a thing, would be nice to allow logins with that. TBD if it's actually reasonable to do though, because of the capricious nature of their profile URLs....
If the JS code can be structured such that there are no top-level async functions, and old browsers (e.g. IE11) simply elide the attempt to check the remote URL, older browsers...
Should be straightforward to implement, and very useful for mobile app services.