Aaron Parecki
Examples:
* granting access to account information to a financial management app.
* granting a third party app access to post to a social media account
Try clicking the pop out chat button from the main YouTube player rather than YouTube studio
We're going to rethink this and bring it up on the mailing list and/or IETF 122
Some quick thoughts on the new proposal:
* The `client_id` would be the json document, but the JSON document would contain a `client_uri` which would be the human-readable home page...
I followed the breadcrumbs from that "Login with Weird" above, and found this discussion on Rauthy: https://github.com/sebadob/rauthy/discussions/146 That's a good motivator for updating to this JSON document client metadata discovery...
> Is it microformats if it is a link header and json file? Manifest files do that and do they get complaints? The pushback is on parsing HTML. Who are...
I might just switch this over for a few of my indieauth clients right now. Worst case is someone's IndieAuth server shows them a slightly longer URL than normal, and...
> Would this proposal work with clients running on localhost that can't serve the required document? I'm not sure if IndieAuth currently supports that use case anyway. For clients that...
No, there is an exception for exact redirect URI matching for localhost URLs, see:
* https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics#section-4.1.3
* https://www.rfc-editor.org/rfc/rfc8252.html#section-7.3
* https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-11#section-8.4.2

Alternatively, a mobile app on iOS/Android can use app-claimed HTTPS...