samiam2013 opened this issue 1 month ago (status: Open)
Going to ignore OAuth for now, use argon2id or better for self-authentication, and need to issue TOTP QR codes.
Going to have 2 PGP/GPG-like key pairs, one for private subscriptions and one for public. Public subscriptions will be public like they sound and capable of relaying across to other platforms; private, like it sounds, will have to be private and inside the platform. Private posts will only be able to go to private subscribers unless the author decides otherwise, dictating which key it would be signed with and whether or not that key can be exposed (even the public key of private pairs should be protected from exposure inside the platform), and private subscriptions being the reason an individual platform exists gives a strong tie between subscription revenue and feature success.
I think we need:

- user
- key
- post

and others may be required for authentication. I think we should aim for GitHub, Google, and Apple OAuth options in that order for our audience. I don't want to offer our own implementation of authentication, but I think we may have to offer it, and so we can discourage that by making it a last option in the list.
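The two mechanisms sketched in this issue, TOTP enrollment via a QR code and an author holding separate signing pairs for public and private posts, as an added example that is not the project's own code. It assumes Ed25519 standing in for the PGP-like pairs, RFC 6238 defaults (HMAC-SHA1, 6 digits, 30 s step), and the names `AuthorKeys`, `SignedPost`, `VerifyRelayed` and `VerifyInside`, none of which come from the issue; argon2id password hashing is left out because it is not in the Go standard library.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha1"
	"encoding/base32"
	"encoding/binary"
	"fmt"
	"net/url"
	"time"
)

// totpCode returns the RFC 6238 6-digit code for a raw secret at a Unix time.
func totpCode(secret []byte, unix int64) string {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], uint64(unix/30))
	mac := hmac.New(sha1.New, secret)
	mac.Write(msg[:])
	sum := mac.Sum(nil)
	offset := sum[len(sum)-1] & 0x0f // dynamic truncation offset
	bin := binary.BigEndian.Uint32(sum[offset:offset+4]) & 0x7fffffff
	return fmt.Sprintf("%06d", bin%1000000)
}

// verifyTOTP accepts the current step or one step either side (clock skew)
// and compares in constant time so timing does not leak partial matches.
func verifyTOTP(secret []byte, code string, unix int64) bool {
	for _, skew := range []int64{-30, 0, 30} {
		if hmac.Equal([]byte(totpCode(secret, unix+skew)), []byte(code)) {
			return true
		}
	}
	return false
}

// provisioningURI is the otpauth:// string the enrollment QR code encodes;
// authenticator apps expect the secret as unpadded base32.
func provisioningURI(issuer, account string, secret []byte) string {
	q := url.Values{}
	q.Set("secret", base32.StdEncoding.WithPadding(base32.NoPadding).EncodeToString(secret))
	q.Set("issuer", issuer)
	q.Set("algorithm", "SHA1")
	q.Set("digits", "6")
	q.Set("period", "30")
	return "otpauth://totp/" + url.PathEscape(issuer+":"+account) + "?" + q.Encode()
}

type Visibility byte

const (
	Private Visibility = 0
	Public  Visibility = 1
)

// AuthorKeys (hypothetical name): the public pair signs posts that may be relayed
// off-platform; the private pair's public half is never handed out.
type AuthorKeys struct {
	publicSigner  ed25519.PrivateKey
	privateSigner ed25519.PrivateKey
}

func NewAuthorKeys() (*AuthorKeys, error) {
	_, pub, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &AuthorKeys{publicSigner: pub, privateSigner: priv}, nil
}

type SignedPost struct {
	Body       string
	Visibility Visibility
	Signature  []byte
}

// signingInput binds the visibility label into the signed bytes, so a private
// post relabelled as public no longer verifies.
func signingInput(vis Visibility, body string) []byte {
	return append([]byte{'p', 'o', 's', 't', byte(vis)}, body...)
}

func (k *AuthorKeys) Sign(body string, vis Visibility) SignedPost {
	signer := k.privateSigner
	if vis == Public {
		signer = k.publicSigner
	}
	return SignedPost{Body: body, Visibility: vis, Signature: ed25519.Sign(signer, signingInput(vis, body))}
}

// ExportablePublicKey is the only verification key given to other platforms.
func (k *AuthorKeys) ExportablePublicKey() ed25519.PublicKey {
	return k.publicSigner.Public().(ed25519.PublicKey)
}

// VerifyRelayed is what a remote platform runs; it refuses non-public posts outright.
func VerifyRelayed(pub ed25519.PublicKey, p SignedPost) bool {
	return p.Visibility == Public && ed25519.Verify(pub, signingInput(p.Visibility, p.Body), p.Signature)
}

// VerifyInside runs on the home platform, which holds both verification keys.
func (k *AuthorKeys) VerifyInside(p SignedPost) bool {
	key := k.privateSigner.Public().(ed25519.PublicKey)
	if p.Visibility == Public {
		key = k.ExportablePublicKey()
	}
	return ed25519.Verify(key, signingInput(p.Visibility, p.Body), p.Signature)
}

func main() {
	secret := make([]byte, 20) // constructed 160-bit per-user TOTP secret
	if _, err := rand.Read(secret); err != nil {
		panic(err)
	}
	fmt.Println(provisioningURI("ExamplePlatform", "alice", secret))
	now := time.Now().Unix()
	fmt.Println("code valid:", verifyTOTP(secret, totpCode(secret, now), now))

	keys, _ := NewAuthorKeys()
	post := keys.Sign("members-only update", Private)
	fmt.Println("relay accepts private post:", VerifyRelayed(keys.ExportablePublicKey(), post))
	fmt.Println("home platform accepts it:", keys.VerifyInside(post))
}
```

The relay check refuses private posts before touching the signature, and the visibility byte inside the signed input means the home platform also rejects a private post that was merely relabelled; the TOTP code check uses `hmac.Equal` rather than string comparison, which is the usual mistake in hand-rolled verifiers.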