Warren, > On Nov 17, 2025, at 6:22 PM, Warren Parad <[email protected]> > wrote: > ... > Since you have a generic oauth client, would you be able to share more about > how that client works, and under which situations you might expect a user to > want to navigate to AS that you don't control? Naïvely I look at this as > similar to me putting a "Configure all your Google Allowed Applications" > button in my app that lets users log in with Google, and I can't think of a > reason why I would want to do that. That is "what's the user story?" Would > you be able to share the user story you are providing support for, for the > users of the implementers of your client? That would be really helpful for me.
Some common things a first-party client provides: - Change profile/password/passkey/2FA/etc. info - Monitor/revoke active logins/credentials for things like "I'm in Ontario but somebody in Australia is logged into my account?!?", "I'm still logged in from my old iPhone?", etc. - Delete account Assuming the AS provides a web page for such things, it would be nice for a generic client to be able to provide access to it to perform the above tasks. ________________________ Michael Sweet _______________________________________________ OAuth mailing list -- [email protected] To unsubscribe send an email to [email protected]
