Tootfinder

Duende has released DPoP Support for #aspnetcore via the JwtBearer Extensions NuGet package. This library helps protect your APIs against one of the highest threats to the OAuth ecosystem: the abuse of stolen access tokens.
#dotnet

So I busted out an old laptop and installed headless ubuntu minimal (I like to start small) so that I can start setting up some autonomous agents. My first step was to install Claude Code so that it could setup everything else for me, but after a few hours at it, both Claude and I admit that Claude Code is broken on a headless install. We tried a bunch a different way to get it to take a damn key, but the installer insists on an OAUTH auth that requires a browser.
I have a dislike fo…

Just added a “Sign in with Mastodon” example to Kitten’s¹ examples:
https://codeberg.org/kitten/app/src/branch/main/examples/sign-in-with-mastodon
If I have time at some point, I might make it into a tutorial.
Enjoy!
:kitten:💕

Google Antigravity users say their paid Google AI accounts were banned after linking Gemini models via OpenClaw; Peter Steinberger says he may "remove support" (Marcus Schuler/Implicator.ai)
https://www.implicator.ai/google-restricts

Ich habe gestern einmal feed2toot durch den Fork feed2toot-oauth ersetzt. Das ist ein Drop-In-Replacement, das ursprüngliche Projekt steht seit 2021 still.
https://pypi.org/project/feed2toot/

Clawdbot/Moltbot and the many security issues it introduces:

"This is not speculative. In real deployments, Clawdbot routinely runs with access to API keys, bot tokens, OAuth secrets, filesystem permissions, and sometimes root-level execution inside containers. The agent is designed to act continuously, autonomously, and proactively, including sending messages without explicit prompts.

This architecture is powerful, but it collapses several trust boundaries into a single …

Got my indiekit syndicator for #Linkedin to work 🤓 with a nice backend to refresh the token (using OAuth) via the backend directly with the user linkedin session once every 2 months, it’s a manual step but it’s smooth
https://rmende…

So far I don't care for how I have activityPub integrated in to #tvmarks. It tried to be a full activityPub app but I think I just want to oauth with mastodon/bluesky and make post updates to the authed account.
I guess maybe this will mess up the idea of being able to reply to a post and it shows up on the website as a comment? I'm not sure, but I'm thinking about it.

🔄 Full duplex bidirectional streaming enables client and server to send continuous data streams simultaneously over a single persistent connection - real-time agentic workflows without application-level synchronization
🛡️ Enterprise-grade security built-in: mutual TLS for Zero Trust architectures, native JWT/OAuth authentication hooks, method-level authorization for least privilege principle

Random thought: the centralization of authentication to a few big OAuth providers like MS and Google, combined with services that time out your cookies and force relogins every so often, makes phishing people so much easier.
Want someone's account creds? Just pop up something that looks like a ms or google login form, odds are they're so conditioned by login fatigue that they'll automatically type their creds and TOTP token into it.

die @… lässt sich aus aus OpenRefine heraus ansteuern. Bsp.: Ich habe eine GND-ID einer Person und will wissen, ob die DDB zu der Person Material hat: Edit column > Add column by fetching URLs > dann als GREL "

Hey everyone,
Gaza Verified is now open again for verification calls in 2026.
The new process for signing up for verification calls uses sign in with Mastodon and should remove the last remaining technical hurdle that was giving some of our friends in Gaza a hard time (adding the verification link to your Mastodon account is not intuitive in the current Mastodon interface). With this new flow, you won’t have to, we do it for you.