How does it work?
Assuming you understand how the OpenID Connect flow generally works, this app works quite simply:
- A user click “Login with HN”
- On LoginWithHN, the user is given a chance to enter their hackernews username
- LoginWithHN generates a unique one-time-use code that the user must then put into their profile within 5 minutes
- LoginWithHN watches the user’s profile until the code shows up
- Once LoginWithHN verifies the users profile contains the code, the user is is considered authenticated (OAuth2 is really about Authorization but we’ll ignore that distinction for now).
- The user is shown a consent screen (that AuthZ we were talking about) and the only claims possible will be the
As always with OAuth2, you must handle session creation and management amongst other concerns in your application once a user has shown sufficient authority to assume they own the account in question via LoginWithHN.
How does logging in the second time work?
Since it’s pretty tedious to modify your profile every time (and not so great on HN’s servers either), the first time you log in you’ll be able to receive a TOTP code or attach an your email address (which will receive a magic login link).
Once either of them are specified, whenever you attempt to login again, other methods can be used (if you are not already instantly redirected).
Does using LoginWithHN cost anything?
LoginWithHN is free to use (for now). If you’re interested in helping LoginWithHN meet it’s funding needs/bills, Send me an email and I’d love to receive any help you’re willing to provide.
👋🏾 Hey, I’m Victor, I built this.
I built this so I could make projects tailored to the HackerNews community where people could login semi-anonymously with only their HackerNews username. What’s fun about this setup that of course the mechanism is so simple that you could use this to “log in” (in this case an attestation to ability to modify an account) to all sorts of systems, without permission (IndieHackers, Facebook, etc).
I’m a yak shaver by trade so if you have any questions feel free to reach out and we can compare shears.