Read-only or sub-folder OIDC scopes?

Now I’m thinking about it, a user could add a sort of ACL manager pane to their pod, that acts as the consent form in an OAuth dance. When you grant access, an identity URL is created for the app, sort of like a visitor id badge. This guest identity is then mentioned in .acl files (the pane edits those), and the app is given an OIDC bearer token for it. I’ll think this through a bit more and see if I can implement a PoC of such a pane…

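The ACL-writing half of the pane idea above, as an added sketch that is not code from the original post: it mints a guest identity URL for an app and builds a Web Access Control document that limits that identity to chosen modes on one sub-folder. The `guests/<id>#app` layout, the function names, the sample URLs, the `.acl` naming next to the folder and a pod root ending in `/` are all assumptions; issuing the OIDC bearer token is not covered.

```javascript
// Added example. The guests/<id>#app URL layout and all names are assumptions.
const ACL_NS = 'http://www.w3.org/ns/auth/acl#';
const GRANTABLE = new Set(['Read', 'Append', 'Write']); // a guest never gets acl:Control

function guestIdentity(podRoot, badgeId) {
  if (!/^[A-Za-z0-9_-]{8,}$/.test(badgeId)) throw new Error('badge id must be URL-safe');
  return new URL(`guests/${badgeId}#app`, podRoot).href;
}

function scopedAcl({ podRoot, ownerWebId, badgeId, folder, modes }) {
  const root = new URL(podRoot);
  const target = new URL(folder, root);
  // The scope must be a container below the pod root, on the same origin.
  const inside = target.origin === root.origin &&
    target.pathname.startsWith(root.pathname) &&
    target.pathname !== root.pathname && target.pathname.endsWith('/');
  if (!inside) throw new Error('scope must be a sub-folder of the pod');
  if (modes.length === 0) throw new Error('no modes requested');
  for (const m of modes) {
    if (!GRANTABLE.has(m)) throw new Error(`mode not grantable: ${m}`);
  }
  const guest = guestIdentity(podRoot, badgeId);
  const owner = new URL(ownerWebId).href; // normalising escapes '<' and '>'
  const turtle = [
    `@prefix acl: <${ACL_NS}>.`,
    '',
    // A folder with its own .acl stops inheriting, so the owner rule is restated.
    '<#owner> a acl:Authorization;',
    `  acl:agent <${owner}>;`,
    '  acl:accessTo <./>; acl:default <./>;',
    '  acl:mode acl:Read, acl:Write, acl:Control.',
    '',
    '<#guest> a acl:Authorization;',
    `  acl:agent <${guest}>;`,
    '  acl:accessTo <./>; acl:default <./>;',
    `  acl:mode ${modes.map((m) => `acl:${m}`).join(', ')}.`,
    '',
  ].join('\n');
  return { guest, aclUrl: `${target.origin}${target.pathname}.acl`, turtle };
}
```

Revoking the app later means removing the `<#guest>` authorization from that one document; the owner rule stays in place.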