In reply to a post by Aaron Parecki on
Some more info on OAuth 2.1 from the @oktadev blog: OAuth 2.1: How many RFCs does it take to change a light bulb? https://developer.okta.com/blog/2019/12/13/oauth-2-1-how-many-rfcs

How are the new OAuth2 things going to impact IndieAuth if at all?

Reply: a post by Aaron Parecki on
The biggest change is that really every IndieAuth server and client should support PKCE. A few of them do already. I'll make a list of other recommendations as well.