web-sign-in: Difference between revisions
m (Replace <entry-title> with {{DISPLAYTITLE:}}) |
(→user interface: note preferably to https, similar to IndieAuth spec guidance) |
||
Line 37: | Line 37: | ||
Important details: | Important details: | ||
* The web address input "[........................]" MUST accept | * The web address input "[........................]" MUST accept | ||
** a "plain domain" e.g. tantek.com and canonicalize that to http://tantek.com/ | ** a "plain domain" e.g. tantek.com and canonicalize that to http://tantek.com/ or preferably to https://tantek.com/ | ||
** an http(s) domain without a path e.g. http://sixtwothree.org or https://sixtwothree.org and canonicalize http://sixtwothree.org/ or https://sixtwothree.org/ respectively | ** an http(s) domain without a path e.g. http://sixtwothree.org or https://sixtwothree.org and canonicalize http://sixtwothree.org/ or https://sixtwothree.org/ respectively | ||
Latest revision as of 21:55, 26 August 2021
Use the (Web sign-in) button on a site to sign-in with your personal web address.
When you click a (Web sign-in) button, the site will ask you for your web address, e.g.:
Web address: [........................] (Sign-in)
Web address:
[........................]
(Sign-in)
Enter your personal web address and press return / click (Sign-in).
set up
Your personal site must be set up for web sign-in.
- Link from your personal site to your other profiles. Add
rel="me"
to those hyperlinks. E.g.:<a rel="me" href="http://twitter.com/your_twitter_alias">...
- Edit your other profiles, e.g. your Twitter profile settings, and set the "Web" ("homepage", "Website/Blog") field to your personal site. E.g.
Web http://yoursite.example.com/
- When you use your personal site with web sign-in the first time*, your browser will redirect you to to your online profile, e.g. Twitter, and ask you to:
- Sign-in with your account on that profile (e.g. sign in to Twitter) if you're not already signed-in.
- Authorize the site to use your account, e.g. your Twitter account:
Click the ( Sign In ) button and you should be all set.Authorize Site to use your account?
This application will be able to:
- Read Tweets from your timeline.
- See who you follow.
( Sign In )
* Subsequent sign-ins to the same web sign-in form should be pre-filled with your domain name (e.g. via a cookie from the site) so all you have to do is click (Sign-in). In addition, if the site is properly using HTML5 <input type=url>
, browsers will help you auto-complete your personal web address for you across all sites that do web sign-in.
developers
user interface
For the Web sign-in UI, see the text mockups at the top of this page as a design starting point.
Important details:
- The web address input "[........................]" MUST accept
- a "plain domain" e.g. tantek.com and canonicalize that to http://tantek.com/ or preferably to https://tantek.com/
- an http(s) domain without a path e.g. http://sixtwothree.org or https://sixtwothree.org and canonicalize http://sixtwothree.org/ or https://sixtwothree.org/ respectively
protocol
See the RelMeAuth page for documentation on how to support Web sign-in protocol on your site.
example implementations
- RelMeAuth prototype demonstrates Web sign-in for both read-only/read-write permissions, and provides a simple interface for Tweeting when read-write permissions are provided.
- IndieAuth not only uses Web sign-in but also provides a web sign-in authentication API!
- IndieWebCamp: Try out IndieAuth by signing-in to IndieWebCamp.com.
why
See Why web sign-in on the IndieWebCamp site.