(Unofficially) Login with HN

An OpenID Connect (OAuth2) provider for HackerNews

Login With HN Register a OAuth2 application

This project is not affiliated with HackerNews or YCombinator in any way

Some Questions you might have

How does it work?

Assuming you understand how the OpenID Connect flow generally works, this app works quite simply:

  • A user clicks "Login with HN"
  • On LoginWithHN, the user is given a chance to enter their hackernews username
  • LoginWithHN generates a unique one-time-use code that the user must then put into their profile within 5 minutes
  • LoginWithHN watches the user's profile until the code shows up
  • Once LoginWithHN verifies the users profile contains the code, the user is is considered authenticated (OAuth2 is really about Authorization but we'll ignore that distinction for now).
  • The user is shown a consent screen (that AuthZ we were talking about) and the only claims possible will be the username

As always with OAuth2, you must handle session creation and management amongst other concerns in your application once a user has shown sufficient authority to assume they own the account in question via LoginWithHN.

How does logging in the second time work?

Since it's pretty tedious to modify your profile every time (and not so great on HN's servers either), the first time you log in you'll be able to add methods for faster future login:

  • Time-based One Time Password (TOTP) code
  • Attaching an your email address (a code will be sent to you)

Once either of the above methods are specified, the next time you log in you will either be instantly redirected (the login session is still fresh) or the least intrusive login method will be chosen (ex. if you set up a TOTP code *and* an email address, TOTP-based login will be presented).

Does using LoginWithHN cost anything?

LoginWithHN is free for your first 50 registered users. Once your app has found some traction, unlimited users and logins for your app is $6/month, or $60/year (2 months free!).

Who built this?

👋🏾 Hey, I'm Victor, I built this.

I built this so I could make projects tailored to the HackerNews community where people could login semi-anonymously with only their HackerNews username. What's fun about this setup that of course the mechanism is so simple that you could use this to "log in" (in this case an attestation to ability to modify an account) to all sorts of systems, without permission (IndieHackers, Facebook, etc).

I'm a yak shaver by trade so if you have any questions feel free to reach out and we can compare shears.