OAuth for the open web
IndieAuth is a decentralized identity protocol built on top of OAuth 2.0.
Read more about how IndieAuth solves OAuth for the open web.
Read the Spec
The latest version of the IndieAuth spec is available at:
The January 2018 published version is also available at:
Logging in with IndieAuth
You can use IndieAuth to have your users authenticate with their own URL. Logging in to an app with IndieAuth tells the app who has logged in, where the user ID returned is a URL controlled by the user.
Obtaining an OAuth 2.0 Access Token with IndieAuth
If you're building an application that wants to access or modify a user's data, you'll need an OAuth 2.0 access token to use in API requests.
You can use IndieAuth to obtain an access token from the user's own token endpoint, while identifying them in the process.
Choosing an IndieAuth Provider
In order to log in to apps that use IndieAuth, you'll need to tell these apps where your IndieAuth endpoints live. You can either delegate your domain to an external IndieAuth provider, run an IndieAuth provider yourself, or your IndieAuth provider may already be part of the same software that runs your website.
Public IndieAuth Providers
Self-Hosted IndieAuth Providers
- selfauth
- indieauth-openid - proxies IndieAuth requests to your own OpenID provider
- Acquiescence - an IndieAuth server written in Ruby which uses GitHub to authenticate you
- WordPress IndieAuth Plugin - adds an IndieAuth endpoint to your WordPress site
Software with a Built-In IndieAuth Provider
Services with Built-In IndieAuth Support
Frequently Asked Questions
How is IndieAuth different from OpenID Connect?
See indieweb.org/How_is_IndieAuth_different_from_OpenID_Connect