Interesting!
Question: another thing I struggle with here is that it seems that an RP needs to register out of band with an IDP before they can accept users from that IDP. Contrary to email, where any email provider goes in a username/password form.
Is that also solved?
It honestly very much depends on how the RP builds their backend. Generally speaking, RPs that let you disconnect or connect a federated provider on the fly have a well-structured IAM backend / database.
So, even if an RP wanted to accept an IDP dynamically (e.g. without a prior agreement, i.e. without a client_id) it wouldn't be able to, right?
Is there any existing mechanism (even if not widely deployed) that would allow a user to use an IDP with an RP dynamically (i.e. without a pre-arrangement between the RP and the IDP)?
Dynamic Client Registration, but afaik no major provider supports this because they *want* RPs to have a pre-established relationship.
We built IndieAuth to avoid the need for any client registration and it works great for that use case: aaronparecki.com/2018/07/07/…
There are definitely some similarities since they are both adding an identity layer on top of OAuth. IndieAuth is a much smaller surface area tho and does less stuff. Some more details here: indieweb.org/How_is_IndieAut…
Oct 8, 2021 · 4:20 AM UTC


