IndieAuth is a protocol for Web Sign-In. It’s a standard on top of OAuth that defines how to obtain an OAuth 2.0 Bearer Token for an End-User represented solely by an URL.

The protocol inspects your website for metadata that specifies which authentication endpoint you want to use and then proceeds with the OAuth token negotiation with that endpoint.

Supporting IndieAuth in a service means letting users bring their own authentication provider. This provider can be a website like, your own OpenID proxy, or another Web Sign-In enabled provider like

To configure IndieAuth as a user, all you need to do is to inform the authorization provider endpoint in your website. For example, when using

<link rel="authorization_endpoint" href="">

Using rel="authorization_endpoint" is deprecated on the IndieAuth spec but it’s what supports at the moment.

The latest standard can be found at