Fixed: IndieAuth login broken for third-party apps

After adding security headers (Content-Security-Policy) to harden the site, logging in with IndiePass and other IndieAuth clients silently failed — tapping “authorize” did nothing.

The culprit was form-action 'self' in the CSP, which blocked browsers from following the consent form's redirect to the client's callback URL (e.g., indiepass.app/android-callback).

Changed to form-action 'self' https: to allow IndieAuth redirects to any HTTPS callback. Affects all third-party IndieAuth clients (Micropub editors, Microsub readers, etc.), not just IndiePass.

🔗 https://rmendes.net/notes/2026/02/22/a202f
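
The behaviour described in the note above, as an added example that is not part of the original post: a simplified `form-action` matcher that checks IndieAuth callback URLs against the policy before and after the change, with the browser applying `form-action` to the redirect that follows the consent form. The site URL, the `client.example` and `exampleapp://` callbacks, and the `pinned` policy are constructed for illustration.

```javascript
// Added example: simplified CSP form-action source matching, not a full CSP Level 3 matcher.
// Handles 'none', 'self', scheme-sources (https:) and host-sources; source paths are ignored.
function formActionSources(policy) {
  // form-action has no default-src fallback: if absent, form targets are unrestricted.
  for (const directive of policy.split(";")) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === "form-action") return sources;
  }
  return null;
}

function sourceMatches(source, target, site) {
  const s = source.toLowerCase();
  if (s === "'none'") return false;
  if (s === "'self'") return target.origin === site.origin;
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return target.protocol === s; // scheme-source
  const m = s.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?([^\/:]+)(?::(\d+|\*))?(?:\/.*)?$/);
  if (!m) return false;
  const [, scheme, host, port] = m;
  // Simplification: a host-source without a scheme is matched against the site's own scheme.
  if (target.protocol !== (scheme ? scheme + ":" : site.protocol)) return false;
  const hostOk = host === "*" || host === target.hostname ||
    (host.startsWith("*.") && target.hostname.endsWith(host.slice(1)));
  const effPort = target.port || (target.protocol === "https:" ? "443" : "80");
  const portOk = port === "*" || (port === undefined ? target.port === "" : effPort === port);
  return hostOk && portOk;
}

function formActionAllows(policy, targetUrl, siteUrl) {
  const sources = formActionSources(policy);
  if (sources === null) return true;
  const target = new URL(targetUrl), site = new URL(siteUrl);
  return sources.some((src) => sourceMatches(src, target, site)); // empty list acts like 'none'
}

// Constructed sample data: SITE, client.example and exampleapp:// are placeholders.
const SITE = "https://blog.example/auth/consent";
const POLICIES = {
  before: "default-src 'self'; form-action 'self'",
  after: "default-src 'self'; form-action 'self' https:",
  pinned: "default-src 'self'; form-action 'self' https://indiepass.app", // hypothetical narrower variant
};
const CALLBACKS = ["https://indiepass.app/android-callback", "https://client.example/cb", "exampleapp://callback"];

function report() {
  return CALLBACKS.map((cb) => Object.fromEntries([["callback", cb],
    ...Object.entries(POLICIES).map(([k, p]) => [k, formActionAllows(p, cb, SITE)])]));
}
console.table(report());
```

The `https:` scheme-source admits every HTTPS callback but still rejects a custom-scheme app callback, while a pinned host list only works for clients known in advance.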

Stumbled over #IndieAuth again and am once again reminded that I (badly?) chose all my domain names so that I like them, but not to have them as my "handle" on any platform. I don't want to be @f5n.org - so this is something of a problem for adopting that pattern.

Building an IndieAuth Comment System for Your Static Site

A journey through authentication, CORS issues, and the joy of owning your comments! Learn how to build a comment system for your static site using IndieAuth and Netlify Functions, storing the comments in your git repository.

brennan.day

Finished my December Adventure with an unfinished project, as is tradition. I'm in the process of extracting a standalone IndieAuth client atop the OAuth2 crate. Full adventure log:

https://rossabaker.com/series/december-adventure-2025/

#DecemberAdventure #IndieAuth #Rust

Ross A. Baker: December Adventure, 2025

My December Adventure detoured into an implementation of IndieAuth. I need an authenticated section to process the pending Webmentions before they're made visible to the public. Instead of maintaining my own credentials, I wanted to stay in the IndieWeb spirit and authenticate against my own website and its rel=me links. Success!

- more on IndieAuth: https://indieauth.net/
- ongoing adventure log: https://rossabaker.com/series/december-adventure-2025/

#IndieAuth #Webmentions #IndieWeb #DecemberAdventure

IndieAuth

CVE Alert: CVE-2025-12028 - indieweb - IndieAuth - RedPacket Security

The IndieAuth plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.4. This is due to missing nonce

RedPacket Security

http://Mitra.social should work with #indieweb standards of #indieauth #indielogin
It does allow auth login via #GPG #PGP

@silverpill

Mitra - Federated social network

If you have your own GitHub profile url as a primary link on your Mastodon/Fediverse profile url and vice versa you can "Log In" with your profile url and use #IndieAuth to RSVP for this event. And of course you can use your own domain with that. #IndieWeb RSVP-ing is optional, as stated. We'll be around, webmastering.

I'm slowly getting the hang of IndieWeb building blocks. Today I set up IndieAuth on my server using selfauth! Now I can authenticate myself as "moule.world" on any website that supports IndieAuth, including Owncast livestream chats!

How to set up selfauth: https://indieweb.org/selfauth

My next plan: making an "announcements" section of my website, which will use microformats2, support webmentions, hopefully Fediverse reactions and comments, and of course good ol' RSS.

#IndieAuth #IndieWeb #SelfAuth

selfauth

selfauth is a single user authorization endpoint written as single-file PHP without a database.

IndieWeb