Everyone is now forced to use II 2.0, though it’s not addressed that:
- OAuth is less secure and less private, and passkeys are not harder to use, OAuth is just more familiar. I don’t see why adding it, especially since I didn’t see the community asking for it. For marketing and attracting new users? Frankly, it seems that II 2.0 didn’t attract many new people and just created unrest in the community.
- No way to opt out of OAuth in II 2.0 for developers or for users to disable it as auth method for their II account: it lowers the minimal security level for apps without giving developers control over it or providing an alternative. I remember concerns that giving developers such control might give information about what people use for auth, but it seems to me that introducing OAuth itself created a possibility of such a problem existing, and it seems strange to see that this argument was used in a discussion about concerns about lowering security by introducing OAuth and giving back the higher security options for auth by only using passkeys