In reply to
Some more info on OAuth 2.1 from the @oktadev blog:

OAuth 2.1: How many RFCs does it take to change a light bulb?


How are the new OAuth2 things going to impact IndieAuth if at all?

The biggest change is that really every IndieAuth server and client should support PKCE. A few of them do already. I'll make a list of other recommendations as well.