OAuth, IndieAuth, and the Future of Authorization APIs

Accepted Session
Short Form
Scheduled: Tuesday, June 24, 2014 from 2:30 – 3:15pm in B202/203


You use OAuth every time you log in to Facebook or Twitter, but what if you could use it from your own website? What if your own domain became a source of data, and you had your own personal API? By decentralizing authorization to your own domain instead of a silo, you control when, how, and to whom your data is shared.


Now that the OAuth 2.0 framework is being used by most API providers, where can we take it from here? What if you could use OAuth to allow a mobile app to create posts on your own server? How can OAuth be used to enable the future of quantified self devices and empower you to own your data?

Come get an overview of how individuals are using IndieAuth on their own domains to let third-party apps post content to their sites.

In this talk you’ll learn how to set up your website as your own identity provider, and learn how OAuth and IndieAuth can enable you to own your own data. Learn how you can allow third-party apps to create content on your personal website, such as an app that saves all your Instagram photos to your own site! Learn how OAuth’s roles of the authorization server and the resource server are separate, and why you may want to build one and let someone else build the other. Learn how OAuth has been designed to support a distributed Web, and how you can start today!


oauth, indieweb, ownyourdata

Speaking experience

I've spoken at OSCON, SXSW, WebVisions, ├średev and many more! See my full speaking history here: http://aaronparecki.com/presentations