😢 @aaronpk knows my stance on this well - domain-based auth is exclusionary and confusing to users. IndieAuth should just use email addresses, even if it doesn't use webfinger and just does s/@([^.*]\..*$/\1/ with the address.
Email addresses *are* domain-based auth. I think you’re conflating two different parts of the system. In IndieAuth, the canonical user identifier doesn’t have to be the thing the user enters in a login prompt. This is also true for almost every other authentication system.
(sorry, catching up ;-) )
I guess my position is that if I could have one thing written on my tombstone on top of a hill made of words, both would say: "The Canonical User Identifier Should Always Be The Thing The User Enters In A Login Prompt" 😂