Oddbean new post about | logout
 there is openid which no one uses
and there is openid connect which is basically a majority of enterprise implementations along with SAML

unfortunately no what you are saying used openid not openid connect

and a “nostr identity provider” defeats the entire point since you can just use passkeys or the npub directly depending on need 
 Why would it defeat the point entirely? The nostr ID provider gives the nostr app a session token, refresh token and ID token so that you don't continuously have to log in everytime you click a button on the page.  
 what do you need a refresh token for if you are getting an npub once
how do you trust the ID provider 
 Refresh token so you don't need to log in every 15 minutes (because session token should not be long lived). There isn't much trusting to do with the ID provider. You have to trust that the software works. It's like using the "login with Google" or "login with Facebook" buttons. They also use OIDC. In those cases, you have to trust them with your personal info. With this nostr ID provider, you hold the personal info on your device. We can maybe have some sort of encryption scheme between the nostr app and your phone app to make sure the info doesn't leak in transit. And tbh so far nostr apps have asked for your name, username, maybe an email. You can always enter fake or burner info in your device app so that nostr ID provider gets nothing. Its a very low trust system IMO. 
 please read up on what a refresh token is for 
 Lol I know what it's for. I don't think you're following this convo.