fuck it, i'm going to write a personal oauth2 service

pretty soon on websites you'll see a sign in with google button, and sign in with github button, and a sign in with danny button

  • 2
    I wrote my own authentication setup a year or two ago, and I am shocked at how much I enjoyed writing it.
  • 1
    Ha, now I know your name
  • 0
    @bahua can you elaborate on it? why did you have fun with it?
  • 1

    I rebuilt the ledger app that I'd previously built 15 years ago in my 20s, and which was secured only with a backend of gpg-encrypted files, with the decryption keys hard-coded into the web-executed code. No SSL, basic HTTP auth with an htpasswd-generated file.

    I started by getting a letsencrypt cert(which wasn't available back then). A hash of the decryption key is all that's stored, and a validation operation is run against it in a POST call, to gain access. I write a cookie to the backend(redis) and to the client's machine, and it all runs quickly, reliably, and securely. I also use a unicode character for the logged-in URL. It looks neat.
  • 0
    indieauth.com is amazing, I hope it grows in future
Add Comment