Hacker News new | past | comments | ask | show | jobs | submit login
We need domain ownership proof based authentication (dpage.io)
4 points by brisky on May 7, 2020 | hide | past | favorite | 5 comments



DNS.live does this for its free web and DNS hosting [1]. All you need to do is sign any post/api call with the private key associated with the address in control of your handshake tld.

An example is on github [2][3].

[1] https://dns.live/hosting.html

[2] Server: https://github.com/dnslive/dnslive-webserv

[3] Client: https://github.com/dnslive/dnslive-webhost


That is a cool concept. I wish more web platforms would offer similar options.


There is IndieAuth, which adapts OAuth 2 to work with URLs as identities (and being OAuth, can even do authorization): https://aaronparecki.com/2018/07/07/7/oauth-for-the-open-web

https://indieauth.net/


The problem with OAuth - it is too complicated. Both for developers and for users.


OAuth 1 I'd agree with that statement (it's use of crypto gave it more pitfalls), but basic OAuth 2 is really not that bad. It's a few fairly straight-forward HTTP requests.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: