
fuck it, i'm going to write a personal oauth2 service

pretty soon on websites you'll see a sign in with google button, and sign in with github button, and a sign in with danny button

Comments
  • 2
    I wrote my own authentication setup a year or two ago, and I am shocked at how much I enjoyed writing it.
  • 1
    Ha, now I know your name
  • 0
    @bahua can you elaborate on it? why did you have fun with it?
  • 1
    @calmyourtities

    I rebuilt the ledger app that I'd previously built 15 years ago in my 20s, and which was secured only with a backend of gpg-encrypted files, with the decryption keys hard-coded into the web-executed code. No SSL, basic HTTP auth with an htpasswd-generated file.

    I started by getting a letsencrypt cert (which wasn't available back then). A hash of the decryption key is all that's stored, and a validation operation is run against it in a POST call, to gain access. I write a cookie to the backend (redis) and to the client's machine, and it all runs quickly, reliably, and securely. I also use a Unicode character for the logged-in URL. It looks neat.
  • 0
    indieauth.com is amazing, I hope it grows in future