Tonight I've been investigating a few things for my #Postman API Hack and I've found that Postman's OAuth2 support is pretty awesome - it works very nicely with #Indieauth which is an important part of my hack 😉 I'm also pretty happy with what I'm planning on doing - hoping to get some good progress with the hack itself this weekend, too!
Just to throw this out there, IndieAuth is a very small addition to OAuth 2.0 which adds identity into the system in a much lighter weight way than OpenID Connect. Mastodon could easily add this extension to return the user ID of the user who just authenticated. The login form on OwnCast would ask the user to enter their server name, and do discovery on the server to send the user there to log in.
I did a talk about how Mastodon/ActivityPub apps can use IndieAuth to accomplish this kind of thing. The video is available -- of course -- on my website: https://aaronparecki.com/2020/09/22/25/activitypub-oauth-2-1
Just published two minimal packages to help building micropub applications!
The second one is a small IndieAuth middleware that can be easily plugged into an Express.js app!
#IndieAuth is a pretty neat thing, and as I'm already a big #RSS user (have been since they were in general use, just never dropped them) I guess it'd be cool to have what amounts to a way to log into various sites that I don't feel called to make single accounts for and certainly don't feel like giving access to my Gmail or Facebook.
Trouble is, I have very few places where I can put a ref="me" and a lot of the people I know don't either. Many sites don't let us edit the style sheet.