OAuth has become the de facto standard for authorization and authentication on the web. Nearly every company with an API used by third party developers has implemented OAuth to enable people to build apps on top of it.
While OAuth is a great framework for this, the way it has ended up being used is ...
In this last episode before David Shanske and I head to the Indieweb Summit in Portland, Oregon, we discuss updates to people’s Indieweb experience, little things David has hidden in plugins, web-signin vs IndieAuth, etc.
We’re both looking forward to seeing those of you who can join us in Portland.
WebAuthn (the Web Authentication API) allows browsers to make use of hardware authenticators such as the Yubikey or a mobile phone's biometrics like a thumbprint reader or facial recognition.
I’ve been interested to see Aaron’s opinion of this when I saw it come across my radar the other day. Glad to have a simple overview of it’s functionality now, particularly from someone who’s literally written the book on authentication.