IndieAuth is a protocol for Web Sign-In. It’s a standard on top of OAuth that defines how to obtain an OAuth 2.0 Bearer Token for an End-User represented solely by an URL.
The protocol inspects your website for metadata that specifies which authentication endpoint you want to use and then proceeds with the OAuth token negotiation with that endpoint.
Supporting IndieAuth in a service means letting users bring their own authentication provider. This provider can be a website like
micro.blog, your own OpenID proxy, or another Web Sign-In enabled provider like
To configure IndieAuth as a user, all you need to do is to inform the authorization provider endpoint in your website. For example, when using
<link rel="authorization_endpoint" href="https://indieauth.com/auth">
rel="authorization_endpoint"is deprecated on the IndieAuth spec but it’s what IndieAuth.com supports at the moment.
The latest standard can be found at https://indieauth.spec.indieweb.org.