1. Yurt MAY have login/pass auth. It's best for privacy because only yurt knows you. Dangerous to avoid spam, hard to store and manage users. As a partial solution may be used an Magic login link send via email
2. OAuth: login with Google, FB and other silos. Not all yurt owners will configure them: you have to manually register an app/client.
   1. JS "Sing in" buttons tracking users but makes easier to login. We still may use them on auth.jkl.mn which will have a moderate privacy violation.
3. https://auth.jkl.mn is our OAuth Server for all yurts.
   1. All visitors may have SSO. Bad for privacy, must be in iframe, tell to yurt only user_id)
   2. Any Yurt have it enabled out of the box with zero configuration (shared client_id, the same redirect_uri). It's called multi tenant config but not so easy to do.
4. IndieAuth: a yurt owner can login on another sites i.e. kind of own password manager+autogenerated email
5. Social login with jkl.mn: we may become the same OAuth provider as Google, FB. This differs from auth by a yurt with IndieAuth

The XEP-0070: Verifying HTTP Requests via XMPP to confirm signin. See demo

• https://zitadel.com/