Indieauth is a layer on top of Oauth2. It eliminates the need for client registration by making your client id your URL. This solves the issue WordPress had with this.
I think that is not the case to integrate an external service in the core because the project is open source and we will bind to that.At this point is better implement one time password as 2FA that will not bind to a service or a client software like Facebook, Github, and Firefox do.This plugin https://wordpress.org/plugins/2fas-light/ support that as example.
Daniele, I think you are misunderstanding this. IndieAuth is an Oauth2 identity layer that I am proposing would be built into Core and would not depend on an external service. The Indieauth plugin I linked to, which I am a contributor to, implements an authorization and a token endpoint using the REST API, so inside the site itself. The only login you'd use to allow an applicaton to get a token is your WordPress login.
WordPress proposed using a more traditional Oauth2 implementation that requires client registration, and the team there had the idea of running that through a wordpress.org service. The IndieAuth variant could run exclusively inside a WordPress install(the plugin does this already).
Thanks for the clarification, I was thinking that was a service for Oauth2 like many others :-)
I think developers want a way for their applications to get authenticated access to the REST API. That seems to be a constant demand. But few want the overhead or responsibility for third-party servers. This would bake all of that in.
I think this is definitely worth exploring.
Hey Daniele! I should have figured I'd find you here. I hope all is well!
Indieauth is an awesome OAuth2 solution using REST API.
If our goal. Is a stable system using open APIs it makes sense.