IndieAuth is a decentralized identity protocol built on top of OAuth 2.0. Identities are HTTP URIs which delegate to an IndieAuth provider. Badger Who Server should be able to authenticate a given IndieAuth identifier using the Authentication Flow. Who Server does not need authorization and thus does not need to use the Authorization Flow to get a token.
In that respect it more or less replaces the Badger OpenID Connect protocol, and should probably be preferred over that wherever possible as it is a W3C spec. However, I can see value in supporting both, as Badger OIDC supports both acct: and http: URIs.
It's in scope for phase 1 to act as both a provider (#5) and consumer of this protocol, but as Badger Who Server doesn't yet provide user profiles (and I'm not sure if that's in scope) a user would probably need to have a URI they control to delegate to the Who Server to act as the
It may be worth considering having the ability to specify an implicit
authorization_endpoint for certain classes of identifiers (for example, having the ability to delegate any RelMeAuth pages with only Silo links to IndieLogin.com, without requiring an explicit
authorization_endpoint to point to them)
Deleting a branch is permanent. It CANNOT be undone. Continue?