#fediforumfriday: this week I've mostly been working on a side project experimenting with OAuth for decentralized & distributed web; To bootstrap this, rather than writing it all from scratch, I worked on reusing the atproto/oauth-provider package, which provides a LOT of functionality (including user registration & authorisation flows)
The OAuth profile is basically OAuth 2.1 + Client ID Metadata Documents + Pushed Authorization Requests + DPoP binding (prevents token theft) + Protected Resource Metadata (discover the authorization server from the resource)
The cool thing? All the SDKs for AT Proto for implementing OAuth servers & clients should mostly be reusable, easing adoption.
https://bsky.app/profile/thisismissem.social/post/3lyz3uigtn22g
I was also involved in conversations that lead to FEP-8967, which recommends software use Link objects in the attachment's to Objects (i.e, Notes) that the software or publisher wishes to prioritise the display of (rather than parsing out the first link in the content). This would also work for previews for links being federated in the future.
https://socialhub.activitypub.rocks/t/fep-8967-generating-link-previews-for-attached-links/5598
Besides that, just a lot of other conversations going on.
