side-note: we need to have a serious audit / checklist of the authz + authn of the options we have for the / so we can give new projects / dev GOOD suggestions

looking at zot6's auth, I didn't agree with a lot of the hard (read: fixed in stone) options it made - it's not flexible to crypto breaking (if/when the algos mentioned are busted) or recycling of tokens

indieauth has its issues too (no real sense of how to ask for scopes, no 'headless' approach of getting auth)

Sign in to participate in the conversation
Social @ PV

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!