2021-07-05 UTC
# Zegnat I am thinking of the Gemini case a little. Where people can send a cert along with each request to say “this is me”. If I have obtained an authentication token from tokens.indieauth.com (through a ticket or other means) that has a me value of "https://vanderven.se/martijn/", I can start sending that token along to every site I know that has tokens.indieauth.com as their token_endpoint. They trust that token provider, so they can