FEP-61cf: The OpenWebAuth Protocol


This is a discussion thread for the proposed FEP-61cf: The OpenWebAuth Protocol.
Please use this thread to discuss the proposed FEP and any potential problems
or improvements that can be addressed.


OpenWebAuth is the “single sign-on” mechanism used by Hubzilla, (streams) and other related projects. It allows a browser-based user to log in to services across the Fediverse using a single identity. Once logged in, they can be recognised by other OpenWebAuth-compatible services, without third-party cookies and often without any explicit user interaction.

This document aims to describe the existing protocol in detail as an aid to implementers, evaluators, and anyone who wants to understand its operation.

This draft is based on reverse-engineering the existing implementations and is focused on the minimal requirements for basic interoperability in an ActivityPub network. OpenWebAuth can also work with other protocols such as Zot6 and Nomad, but these are not considered here.

