Doesn't this depend on the IDP to hand you a client_id before hand?

Yes, that would always be the case for these types of use cases.

So, even if a RP wanted to accept an IDP dynamically (e.g. without a prior agreement, i.e. without a client_id) it wouldn't be able to, right?

There are discovery mechanisms but they're not widely used for this use case.

Is there any existing mechanism (even if not widely deployed) that would allow a user to use an IDP with an RP dynamically (i.e. without a pre arrangement between the RP and the IDP)?

Dynamic Client Registration, but afaik no major provider supports this because they *want* RPs to have a pre-established relationship. We built IndieAuth to avoid the need for any client registration and it works great for that use case: aaronparecki.com/2018/07/07/…

Will read more carefully tomorrow.

Ok, I did look into this more carefully and I remember running into this earlier. How does this relate to OIDC? Is it fair to characterize it as an alternative to it that operates on the same level/layer (e.g. both are extensions to oauth?)?

FWIW, yes, what's described in that article you linked me to is precisely the problem that I think needs to be solved to unlock the nascar flag problem. @timcappalli @vibronet any thoughts on the problems outlined here? or is that a non-problem for you? aaronparecki.com/2018/07/07/…

@aaronpk on a related note: does any part of IndieAuth break when browsers block third party cookies?