by jFriedensreich 82 days ago
It's impossible to consider ATproto apps usable until the horrific oauth situation is fixed. It's still not possible to adjust oauth permissions to something restrictive dynamically so every app needs a new account which kind of defeats many of the interop promises, if apps even allow it (colibri requires invite code).

Permission sets have existed for some time now

https://atproto.com/guides/permission-sets#permission-set-de...

Those are set by the site requesting the login though.

I believe what they are referring to is custom permissions set by the person logging in, regardless of what the app itself requested.

e.g. login, disable all writes, all attempted repo writes using that oauth token fail.

It sounds more like they are referring to the prior atproto transition:* scope that had no restrictions, which was horrible, re: every app needs a new account

Today, apps can limit the permissions they request during login. I don't see the dynamic, assuming they mean something where during approval you can deselect options, as a horrible situation. That's something very few apps do even outside of atproto.

No, I am talking about users not being able to change the app permissions. App developers are not the ones to set my permissions, they can recommend what their apps could need but any platform not giving users final say cannot be taken seriously.

You must not use very many apps, or must have a ton of accounts. Plenty of apps taken seriously that don't have this dynamic feature. (speaking generally, not specific to atproto)

Not aware of many apps that force oauth and don't allow email signup... The only exception is some github centric apps that request too much and then are mostly let down by github not getting their auth screens up to standards for years, but who is surprised there. I just don't try those unless I already trust the company and really need to.

But all that aside, I think a protocol aiming to liberate users and be an open app platform cannot be held to the same standards as corporate garbage that we don't expect to behave differently. Atproto needs to show some commitment to the values of putting users first, it's so close.