Currently, it is possibly to sign in to home only via GitHub. While this has worked well and provides a simple user experience, it has some downsides:
requires having a GitHub account
doesn't work when github.com is down or unavailable
I want to make it so there isn't a single point of failure and so people can sign in without having a GitHub account, but I don't want to compromise on the user experience.
The following options are not great:
usernames and passwords - no one wants to create and remember those (especially for a small site they visit rarely); susceptible to name squatting
additional sign in providers - it becomes hard to remember which of multiple sign in providers you used last time, leading to a bad user experience
Instead, I plan to resolve this by switching to a URL-based sign in flow, and adding support for signing in via the IndieAuth protocol. IndieAuth is a decentralized identity protocol built on top of OAuth 2.0. Its latest specification is available at https://indieauth.spec.indieweb.org.
To sign in, a user will enter a URL they control. If they want to continue to sign in via GitHub, they can enter a URL like https://github.com/dmitshur:
When entering a github.com user profile URL, GitHub will be used to authenticate as before.
Users will also be able to sign in with any other URL they control that supports IndieAuth, such as https://example.com. This URL can be short and memorable, like one's personal website.
dmitshur
commented
4 years ago
Currently, it is possibly to sign in to
homeonly via GitHub. While this has worked well and provides a simple user experience, it has some downsides:I want to make it so there isn't a single point of failure and so people can sign in without having a GitHub account, but I don't want to compromise on the user experience.
The following options are not great:
Instead, I plan to resolve this by switching to a URL-based sign in flow, and adding support for signing in via the IndieAuth protocol. IndieAuth is a decentralized identity protocol built on top of OAuth 2.0. Its latest specification is available at https://indieauth.spec.indieweb.org.
To sign in, a user will enter a URL they control. If they want to continue to sign in via GitHub, they can enter a URL like https://github.com/dmitshur:
When entering a github.com user profile URL, GitHub will be used to authenticate as before.
Users will also be able to sign in with any other URL they control that supports IndieAuth, such as https://example.com. This URL can be short and memorable, like one's personal website.