Feedback appreciated, either as replies, GH issues, or at indieweb.org/discuss
Tonight I've been investigating a few things for my #Postman API Hack and I've found that Postman's OAuth2 support is pretty awesome - it works very nicely with #Indieauth which is an important part of my hack 😉 I'm also pretty happy with what I'm planning on doing - hoping to get some good progress with the hack itself this weekend, too!
Just to throw this out there, IndieAuth is a very small addition to OAuth 2.0 which adds identity into the system in a much lighter weight way than OpenID Connect. Mastodon could easily add this extension to return the user ID of the user who just authenticated. The login form on OwnCast would ask the user to enter their server name, and do discovery on the server to send the user there to log in.
I did a talk about how Mastodon/ActivityPub apps can use IndieAuth to accomplish this kind of thing. The video is available -- of course -- on my website: https://aaronparecki.com/2020/09/22/25/activitypub-oauth-2-1
Just published two minimal packages to help building micropub applications!
The second one is a small IndieAuth middleware that can be easily plugged into an Express.js app!