side-note: we need to have a serious audit / checklist of the authz + authn of the options we have for the #indieweb / #fediverse so we can give new projects / dev GOOD suggestions
looking at zot6's auth, I didn't agree with a lot of the hard (read: fixed in stone) options it made - it's not flexible to crypto breaking (if/when the algos mentioned are busted) or recycling of tokens
indieauth has its issues too (no real sense of how to ask for scopes, no 'headless' approach of getting auth)
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!