[tantek][Joe_Crawford] your /projects page made me double-check my decades-out-of-date projects page where I rediscovered that the first HTML-based slide deck presentation I gave and thus authored / published was in 1998-01-06 (!!!) on CSS: https://tantek.com/presentations/19980106WebBOF/
carrvoSetting aside a definitive solution, can we think of what behaviours we would like introspection auth to have? Maybe 1) no pre-registration (no need for manual steps or information that cannot be obtained during the code flow) 2) RS should identify as itself (its URI)
LoqiPKCE is short for Proof-Key for Code Exchange (pronounced "pixie"), a standard (RFC 7636) extension to OAuth 2.0 that is used by IndieAuth, that protects against intercepted authorization codes during the OAuth flow https://indieweb.org/PKCE
[aciccarello]Indiekit gives a nice warning about when it's missing which is nice
GuestZero__, GuestZer-, nanoflite, [KevinMarks], nemonical, thegreekgeek, GuestZero, gRegor, NaomiAmethyst, jak2k and xgpt joined the channel; sephy left the channel