oauth auth

[stevekrouse]

Now that we have oauth dynamic registration (which we built for mcp) we should be able to do oauth here as the default instead of an api key, right? (api key can still be a backup option)

Recent user feedback on twitter reminded me:

https://x.com/aren55555/status/2014842576646623655

@404Wolf - any thoughts?

Context on how to use dynamic mcp: https://www.val.town/x/std/oauth

[404Wolf]

Hi @stevekrouse, we might be able to make this work with dynamic oauth, but I'm a bit skeptical it's the best path. With dynamic oauth you have a callback on the internet to hit with the result of authing, but vt is local. Maybe we can allow loopbacks and can redirect to localhost, where vt spins up an http server on some port, but it's a bit brittle and there's a canonical solution to this.

I think what we really want is device auth, which works by polling a server for those credentials, and shows a code for added security (since you are doing the actual login part from an external platform -- the browser). However, I don't think it's too crazy to get device auth working, and I'll see what I can do!

[stevekrouse]

Ok, appreciate it!