I replied to the following: ↷

mcc (@mcc@mastodon.social)

@jalcine@todon.eu I dunno if I'm such a good judge of what is rust idiomatic but this looks pretty good to me. Could this allow a server app to let someone authenticate using their ActivityPub identity? That's something I'm interested in doing. Is there a reason base OAuth wasn't enough for that and it had to be extended?
byMastodon archived copycurrent

Heh, that works for me!

The spec kinda expands on this at https://indieauth.spec.indieweb.org/#oauth-2-0-extension but tl;dr: it removes the need for private stuff and makes the client ID public so you don't have to do client registration (but it also now forces that clients to be addressable — which could be an issue for headless/console apps but that's easy to work around if you do what Mastodon does with dynamic client registation).

This could if the the identity's info provides endpoints similar to OAuth2 — either an authorization and token endpoint or the singular endpoint that'd have all of that info and more (more at https://indieauth.spec.indieweb.org/#indieauth-server-metadata, I'm opting for this because it makes it easy to expose things like documentation about how it works, what kind of scopes are supported and the like).

Posted with Quill at in Everything

Shared to @jalcine@todon.eu

Engagement is powered by Webmentions — a premier standard of the Web to let other sites know you've mentioned them. Learn how to reply from your own site. or from a supported silo Aaron has an interactive post about this. If you've mentioned this URL via another one, use the form below to submit it.

If you don't currently own your replies, then you can click below to do so.

I currently aim to own my comments and plan to eventually show those I've received once I finish Lighthouse.