The two mechanisms which seemed most promising are AutoAuth and “magic links,” where users get signed URLs that come pre-authenticated and show the full authorized content for that user. AutoAuth is still in a draft phase that’s stuck in a chicken-and-egg situation (and also requires a lot of buy-in to IndieWeb protocols, which is still a pill too large to swallow for most of the folks who follow my blog), so magic feed links seemed like the best path forward. I even got so far as to draft out an implementation, but there’s a few bad issues with it which just made me opt not to.
Reply: Why Publ Won’t Support Magic Auth Links
Hey, thank you kindly for this elaborately outlined post! I don’t have a need for private posts, but I know it would help so many people to have the ability to post/message privately on the Indieweb—so work on this is absolutely vital. And I really appreciate you digging into all the nitty-gritty—I’m working on an RSS reader type thing too and want to take a whack at supporting this.
One question, though—could the Atom feed list ‘rel alternate’ versions of the feed? (That would have type ‘application/atom+xml’?) It also seems like ‘rel self’ could have the non-authenticated version of the feed. It doesn’t make sense for credentials to be in that URL. These are possibly naive suggestions—apologies, if so. Again, fantastic write-up!