Doesn't this depend on the IDP to hand you a client_id before hand?

Yes, that would always be the case for these types of use cases.

So, even if a RP wanted to accept an IDP dynamically (e.g. without a prior agreement, i.e. without a client_id) it wouldn't be able to, right?

There are discovery mechanisms but they're not widely used for this use case.

Is there any existing mechanism (even if not widely deployed) that would allow a user to use an IDP with an RP dynamically (i.e. without a pre arrangement between the RP and the IDP)?

Dynamic Client Registration, but afaik no major provider supports this because they *want* RPs to have a pre-established relationship. We built IndieAuth to avoid the need for any client registration and it works great for that use case: aaronparecki.com/2018/07/07/…

Will read more carefully tomorrow.

Ok, I did look into this more carefully and I remember running into this earlier. How does this relate to OIDC? Is it fair to characterize it as an alternative to it that operates on the same level/layer (e.g. both are extensions to oauth?)?

There are definitely some similarities since they are both adding an identity layer on top of OAuth. IndieAuth is a much smaller surface area tho and does less stuff. Some more details here: indieweb.org/How_is_IndieAut…

"Because these URLs rely on the public web and DNS, they are guaranteed to be globally unique." -- ugh, is this a feature or a bug? I feel like this isn't going to age well :(