2021-09-19 UTC
# Zegnat I guess I am thinking of how IndieAuth can make use of the introspection standard with defining as few things as possible. If it continues to be its own endpoint, the only thing we define is how to discover it, which sounds like an essential part of IndieAuth anyway (making OAuth endpoint discoverable for non-registered clients). And then we could declare authentication on introspection optional for accessing information about a token