@mariusor you implemented the server side, the client...

@mariusor you implemented the server side, the client side, or both? What interop challenges did you run into when attempting to interop with somebody else’s implementation?

Like 6 Apr 2023 at 5:44 | Open on social.coop

3 comments

marius

@J12t I have the server side (on #FedBOX) and client side on the link aggregator that uses it as a backend, called #brutalinks

But sadly I didn't interop with other clients/servers for either of them.

The main challenges that I can think of:

1/ when a user wants to login using a new client to the server it should be dynamically created on the server.
2/ discoverability of OAuth2 endpoints for each actor - this is handled somewhat by the AP spec.

6 Apr 2023 at 6:01 | Open on metalhead.club

Johannes Ernst

@mariusor so the spec works for you, in the scenario where you control both sides. Which is good to know, but we don’t really need an official standard for that use case :-)
I would suspect that assembling a “full stack” in the c2s scenario is also left as an exercise for the reader, just as in case of s2s.

6 Apr 2023 at 6:18 | Open on social.coop

marius

@J12t yes. I think the most that the spec does is to say (and provide a little support) that OAuth2 should be used.

6 Apr 2023 at 6:33 | Open on metalhead.club