Aaron Parecki

No, in the sense are these designed such that two different RPs get the same global identifier for the same user?

"Because these URLs rely on the public web and DNS, they are guaranteed to be globally unique." -- ugh, is this a feature or a bug? I feel like this isn't going to age well :(

Ok, I did look into this more carefully and I remember running into this earlier.

How does this relate to OIDC? Is it fair to characterize it as an alternative to it that operates on the same level/layer (e.g. both are extensions to oauth?)?

@aaronpk on a related note: does any part of IndieAuth break when browsers block third party cookies?

For those who have renovated a basement for YouTube or streaming, about how much was the total project?

Is there any existing mechanism (even if not widely deployed) that would allow a user to use an IDP with an RP dynamically (i.e. without a pre arrangement between the RP and the IDP)?

At the end of the day, OAuth is just a way to communicate between services and users, and as such it's easy to grasp and non-controversial.

OAuth solved a universal problem – signing into a web site – and, in doing so, created a new problem: how does a site know it's really you?

what I usually say to speakers is a rough title and 3-4 bullet points of what you want to cover as a start-I think why it's challenging is folks try to "sell" the talk from the get go, rather than refine the focus, then worry about selling it

Write the full talk, then train a neural net to summarize the transcript.

Give the same talk repeatedly.

oh but this sentence it made is gold:

"Developed for internal use at Google, OAuth is an elegant solution to making web services easy to use while keeping your private data private."

oh my god it's repeating sentences back to me that I've written in blog posts and other places online 😂

shoot it over and I'll write it for you! :-)

this is why I write a lot of the abstracts for speakers at our conferences! I know speakers often hate this bit the most!

god this post continues to be relevant. I've yet to block someone who is like UM ACTUALLY CRYTPYO IS GOOD ACTUALLY without them having their favorite crytypo in their name and all over their bio
https://twitter.com/Foone/status/1442846073316265984

Thanks @aaronpk for the clarification 👍
So OAuth 2.1 is essentially OAuth 2.0 without the naughty bits :)

Noticed that the resource owner password and implicit grants are removed from the 2.1 (For obvious reasons :))

But doesn't that make the OAuth 2.1 framework backward incompatible with OAuth 2.0?

OAuth 2.1 kind of gives the feeling its a slight(minor) change from OAuth 2.0

And where did you come to point that out? 😉