I learned a lot about writing WordPress plugins making this! Kinda cool that you can completely take over the WordPress login screen like this too. https://developer.okta.com/blog/2018/10/30/wordpress-authentication-with-okta
@aaronpk Sounds interesting. But doesn’t it mean that our account details will be stored on the Okta site, and not our own sites? Doesn’t that conflict with Indieweb principles, and also put Okta in a complex position regarding GDPR and other regulations?
Or am I completely misunderstanding?
@devilgate Yes, that's the idea in fact. Re: GDPR, there's plenty about that you can read here https://www.okta.com/gdpr/ But on the IndieWeb front, it's totally fine to outsource various parts of your website, as long as you own your online identity. That's why using a web host like micro.blog is still in line with IndieWeb principles as long as you point your domain to it. Using Okta to handle logging in to your own site is just outsourcing the internal user account management. There are some things I would rather have an expert do well for me rather than doing a poor job of it myself.
@aaronpk Good points. I think I was thinking in terms of, my users’ accounts are “my data” in some sense, so I should own it. But as you say, outsourcing is fine.
@devilgate Yes, that's the idea in fact. Re: GDPR, there's plenty about that you can read here https://www.okta.com/gdpr/ But on the IndieWeb front, it's totally fine to outsource various parts of your website, as long as you own your online identity. That's why using a web host like micro.blog is still in line with IndieWeb principles as long as you point your domain to it. Using Okta to handle logging in to your own site is just outsourcing the internal user account management. There are some things I would rather have an expert do well for me rather than doing a poor job of it myself.
@devilgate Yep outsourcing is fine as long as you have a way to migrate to another provider! If we didn't hold that principle, it's a slippery slope to start saying everyone should host their site from a server in their house, and from there to having to build their own hardware. Gotta draw a line somewhere, and ours is identity and data portability.