So, thinking about things more, the “profile URL” scheme doesn’t make sense for pure OAuth endpoints like Twitter, Facebook, etc. I’m thinking the API should provide two discovery mechanisms: one for profile-type (OpenID, IndieAuth/RelMeAuth, Mastodon), and one for SSO-type (OAuth).
Maybe something like this:
This of course doesn’t do anything to help with “the NASCAR problem” but I don’t think that necessarily needs to be solved so much as weaned off of. And it’s still up to each site owner to decide to support each of the silo handlers and obtain the necessary API keys anyway.
Update: Or I could just, you know, ignore the username…