Aaron Parecki

‪While that sounds nice in theory, the real world is more complicated. Apple's OAuth server is a great example. User IDs are scoped to the app to prevent cross correlation, and the app gets a proxy email instead of the user's real email. Users don't always want to be identified.‬

I was trying to say feel free to pick and choose and use just the client ID part. I think that'd be a huge benefit for OAuth as a whole for the exact kind of use case you're talking about.

‪Doesn't have to be a top level domain, just a URL. Both users and apps are identified by URLs. ‬

‪I do think there's value in just client IDs being URLs in some cases, demonstrated by the fact that Home Assistant picked out just that part of the spec for their OAuth API.‬

You're not wrong.

You may want to give this a read, which addresses that exact problem: https://aaronparecki.com/2018/07/07/7/oauth-for-the-open-web

We use this a lot for the case you're talking about, where app developers have no relationship with the OAuth service the app is talking to.

Microformats != Microdata

https://microformats.io

tbh I also can't stand the itemprop= itemscope= stuff, it's so messy. That's why I like the Microformats approach instead.

a perfect example 😂

Like I said already, only if you care about SEO. If SEO is your goal, you do what Google says. There's plenty of uses of structured data outside of that (including the tools that I use to read and post to Twitter) which are easier done using Microformats

Literally on http://schema.org... "Founded by Google, Microsoft, Yahoo and Yandex..." and look at the names on their about page too. Even if it's not created exclusively by them (which I never said), that looks an awful lot like an oligopoly to me anyway.

Frankly "linked data" is not a priority for me. There's plenty of useful structured data that is not LD, and tbh most developers who use JSON-LD don't even know about the LD part, they just copy the examples and wonder why they have "@context" everywhere

Yes, read the linked post, it's from 2016

If all you care about is SEO then do whatever Google says to do this year and you're fine. Today that's JSON-LD, tomorrow it's ???? I need to update this chart for 2020 but as we see, history keeps repeating itself. https://aaronparecki.com/2016/12/17/8/owning-my-reviews#historical-recommendations

You might be surprised what you can do with Microformats...

https://aaronparecki.com/2018/03/12/17/building-an-indieweb-reader

Even this tweet originated from my own website using tools built on Microformats.

the guy that runs your website must be really good

It's all a giant pile of PHP code I wrote ages ago, it's not even map-projection-aware it just plots on a 2D canvas. The animation is basically a timelapse of a bunch of frames of that same script played in a row.

so far it's been mostly the other way around, but mainly because I did a big push on my personal channel while on PTO in December 😄 which paid off cause I went from 200 to 1500 subscribers in like 7 weeks 🎉

by "fragile" I mean things like vulnerable to popup blockers, popups are bad UX on mobile browsers, etc.

The spec has a way the AS can provide a URL that the user should visit to the app. So the app has to get the user to that URL somehow, doesn't matter how, and doesn't matter what that URL is.

There's also a new draft, Pushed Authorization Requests, which moves a bunch of the fragile bits out of the front channel. Similar but slightly different goal. https://tools.ietf.org/id/draft-lodderstedt-oauth-par-00.html

That's basically what the Device Flow is, except manual. You certainly could do that. I suspect it would be fragile at best though, and wouldn't work well in mobile browsers.

That is a really good summary! I learned a few things, I haven't really used any of the new features in 7.3+!