Kittybox should support implementing IndieAuth as an identity provider. This would allow to log in to websites supporting IndieAuth (and OAuth2 in general) using Kittybox-provided identity, putting users in control of their online identity and user authentication.
Preferable source of authentication should be some form of passwordless WebAuthn (since passwords are so 20th century). Most computers containing Windows allow for WebAuthn using built-in TPM, and similar functionality can be seen on latest smartphones using their built-in cryptographic storage.
A password or a generated token could be allowed as a password recovery method or if a user doesn't have a device that supports WebAuthn. Not everyone can upgrade their OS, buy a YubiKey or a latest smartphone.
Almost done. Need to implement the storage backend, over which the IndieAuth identity provider is generic, and a method to retrieve user profiles (probably by reading the database - seems like the easiest way).
Make anything that returns user profiles generic over
kittybox::database::Storage, retrieve h-card for
mevalue (or the current host, if not specified) and convert it into
u-emailif the corresponding scope was not granted.