sknebel
commented
5 years ago Notes from discussion today:
partial verification can be somewhat transparent to the client if the authorization endpoint has an external way to contact the user (e.g. a push message). doing it explicitly ("please point the user to this url to confirm your request") could be trickier.
A lot of this would probably also apply to interactive login to another site (the difference to IndieAuth here being the discovery not from the profile URL, and the other site's token endpoint being involved). Potentially also some overlap with use cases, e.g. a feed reader requiring per-feed confirmation, since subscription likely is interactive. Other use cases?