#cwebber2aaronpk: another question, does this mean that since micropub has indieauth as a SHOULD that it needs it to go through the same process that microformats / etc had as in terms of a "stable" living spec?
#cwebber2we talked about maybe using the same workflow, and I'm trying to iron out this part of APub/ASub, so I'm looking into what that means
#cwebber2or is it not required because it's SHOULD rather than MUST?
#cwebber2it certainly seems like it would be a good idea for it to have a more stable specification if it's going to fill such a large gap of our specs
#aaronpkthere's a new iOS api that lets you open an embedded browser that still shows the address bar and the app doesn't have access to the data, so you can do OAuth without having the user switch apps. i don't have an example of that yet tho.
#aaronpkbut ultimately for those kinds of questions, the answers that OAuth2 provide should apply here as well
#cwebber2aaronpk: yeah unfortunately we also have a lot of gnu/linux distro desktop users, so the fragmented means of handling this on mobile stuff and lack of real standards for this doesn't solve it, so! guess I'll have to see how oauth2.0 handles it
#cwebber2aaronpk: I'm still pretty green to diving into the world of oauth 2 (and I only briefly dipped my toe in oauth 1, tsyesika did most of that work) so I'm finding myself overwhelmed
#aaronpkthere's also a "device flow" for OAuth 2 which is meant for logging in to devices that don't have a full browser, like TVs or other hardware
#aaronpki've seen some desktop apps do what appears to be the normal oauth flow, but instead of automatically redirecting after the user signs in in a browser, they just say "close the browser and return to the app" and the app has a "continue" button, pressing "continue" is essentially the redirect
#aaronpkso basically the normal web app flow, but a manual click instead of automatic redirect.
#cwebber2aaronpk: the not super pleasant way that the destop pump.io applications did things was to have the user copy and paste back in the token