relme-auth

Sign in with your domain

Try signing in to this site:

For users

You can log in to this site without creating a new account! Instead make sure one (or more) of the methods below is setup.

Providers

PGP

To authenticate with your PGP key add a link to your public key on your homepage.

<a rel="pgpkey" href="/key.asc">Key</a>

Or if you don't want the link to be visible.

<link rel="pgpkey" href="/key.asc" />

Flickr

To authenticate with your Flickr account add a link to your profile on your homepage.

<a rel="me" href="https://www.flickr.com/people/YOU">Flickr</a>

Or if you don't want the link to be visible.

<link rel="me" href="https://www.flickr.com/people/YOU" />

Make sure your Flickr profile has a link back to your homepage.

GitHub

To authenticate with your GitHub account add a link to your profile on your homepage.

<a rel="me" href="https://github.com/YOU">GitHub</a>

Or if you don't want the link to be visible.

<link rel="me" href="https://github.com/YOU" />

Make sure your GitHub profile has a link back to your homepage.

Twitter

To authenticate with your Twitter account add a link to your profile on your homepage.

<a rel="me" href="https://twitter.com/YOU">Twitter</a>

Or if you don't want the link to be visible.

<link rel="me" href="https://twitter.com/YOU" />

Make sure your Twitter profile has a link back to your homepage.

Choosing auth providers

You may want to mark some links up with rel="me", but not want to consider them for authentication. You can choose which will be considered by adding rel="authn" too.

In the following example only Twitter and PGP would be shown as options.

<a rel="me authn" href="https://twitter.com/YOU">Twitter</a>
<a rel="me" href="https://github.com/YOU">GitHub</a>
<a rel="pgpkey authn" href="/public.asc">My PGP Key</a>

IndieAuth

To use this service for IndieAuth, add the following to your pages <head>:

<link rel="authorization_endpoint" href="https://auth.hawx.me/auth">
<link rel="token_endpoint" href="https://auth.hawx.me/token">

More information

To find out more information on RelMeAuth, or other implementations, read its IndieWeb wiki entry.

For developers

It is possible to use this site to provide login for your users.

Redirect a user to relme-auth

The first step is to send a user to relme-auth so they can choose how to authenticate. This is a simple redirect to https://auth.hawx.me/auth with a few query parameters:

me=
The web address of the user who is logging in.
client_id=
The URL to the site they are logging in to. This should be marked up with h-app to provide a name to display. You are also able to whitelist a redirect_uri if it is not hosted at the same domain.
redirect_uri=
Where to send the user after they have authenticated.
state=
A random string that will be passed back after authentication to prevent CSRF attacks.

The user is redirected back to the URI specified

Once authentication is complete the user is sent back to your site with a couple of query parameters:

state=
The random string you originally sent, check this matches before continuing.
code=
A string you will need to verify to complete authentication.

Verify the code

Make a POST request to https://auth.hawx.me/auth to verify the code you recieved. In return you will get the web address for the authenticated user.

POST https://auth.hawx.me/auth HTTP/1.1
Content-Type: application/x-www-form-urlencoded;charset=UTF-8
Accept: application/json

code=kgnn18riem3pssk74&
redirect_uri=https://example.com/callback&
client_id=https://example.com/

Will, if correct, receive a JSON response with a value "me".

HTTP/1.1 200 OK
Content-Type: application/json

{
  "me": "https://john.doe/"
}

Store the web address in a secure session and log the user in. You are done.