Other OAuth Providers
The Zapf protocol is designed to be extensible. Identity Authorities (IAs) can implement any number of external OAuth Legacy Identity Providers (LIDPs) to support niche communities or enterprise users.
Common targets include:
- GitHub (github)
- Google Authenticated Profiles (google)
- LinkedIn (linkedin)
- Reddit (reddit)
Standardization Rules
If an IA operator implements a new OAuth provider, they must adhere to the standard Zapf protocol conventions.
1. Unified Prefixing
The lidp name MUST be short and lowercased, and the raw string is formed by appending a colon and then the identifier to it.
Example: github:flzpace
2. Immutable Identifiers
The chosen identifier must be guaranteed permanent by the underlying platform.
For GitHub, the username is changeable, so an IA should hash the numeric user ID (e.g., github_id:12345) rather than the handle to prevent account takeover vectors, even if the frontend UI resolves handles for UX purposes.
3. Shareable Evidence Payloads
Because these are OAuth providers, the IA MUST package the resulting access_token into a NIP-44 encrypted evidence payload. This allows the user to securely execute Evidence Sharing with other IAs in the ecosystem without needing to constantly re-authenticate.
General JSON Evidence Schema
For any generic OAuth provider, the internal decrypted evidence payload should follow this base schema to allow cross-IA parsing:
{
  "provider": "<string_matching_lidp_tag>",
  "access_token": "<token_string>",
  "token_type": "Bearer",
  "expires_in": 3600,
  "refresh_token": "<optional_if_offline_access_granted>",
  "scope": "<space_separated_scopes>"
}
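The following is an added example, not code from the Zapf page or from any Zapf implementation. It shows how an IA might enforce the three standardization rules above and the base evidence schema on the receiving side of Evidence Sharing: building the raw identifier string from a provider's immutable field (rules 1 and 2), and parsing a decrypted evidence payload so that a malformed, mismatched or expired payload is rejected before the access_token is relied on (rule 3 and the schema). The NIP-44 encryption layer is assumed to be handled elsewhere; everything here works on the already-decrypted JSON. The function names, the mapping of providers to immutable profile fields (other than GitHub's numeric ID, which the page gives), and the sample values are assumptions.

```python
"""Added example: raw-string construction and evidence-payload validation for a
generic OAuth LIDP. Not part of the Zapf page; names and mappings are assumed."""
import json
import re

# Rule 1: lidp tags are short and lowercase; the raw string is "<tag>:<identifier>".
LIDP_TAG_RE = re.compile(r"^[a-z][a-z0-9_]{1,15}$")

# Rule 2: which profile field is immutable for each provider, and the tag to
# emit in the raw string. GitHub uses the numeric account ID as "github_id"
# (from the page). The other entries are assumptions for illustration.
STABLE_ID_FIELD = {
    "github": ("github_id", "id"),
    "google": ("google", "sub"),
    "linkedin": ("linkedin", "sub"),
    "reddit": ("reddit", "id"),
}

def build_raw_identifier(lidp: str, profile: dict) -> str:
    """Return the '<tag>:<immutable id>' raw string for a provider profile."""
    if lidp not in STABLE_ID_FIELD:
        raise ValueError(f"unknown lidp {lidp!r}")
    tag, field = STABLE_ID_FIELD[lidp]
    if not LIDP_TAG_RE.match(tag):
        raise ValueError(f"lidp tag {tag!r} violates the short/lowercase rule")
    if field not in profile:
        raise ValueError(f"profile lacks immutable field {field!r}")
    return f"{tag}:{profile[field]}"

# Base evidence schema: required keys and their JSON types.
REQUIRED = {"provider": str, "access_token": str, "token_type": str,
            "expires_in": int, "scope": str}

def validate_evidence(payload_json: str, expected_lidp: str) -> dict:
    """Parse a decrypted evidence payload and check it against the base schema.

    Raises ValueError on any deviation so a receiving IA never trusts a
    malformed or mismatched payload. Returns the parsed dict on success.
    """
    payload = json.loads(payload_json)
    if not isinstance(payload, dict):
        raise ValueError("evidence payload must be a JSON object")
    for key, typ in REQUIRED.items():
        if key not in payload:
            raise ValueError(f"missing required field {key!r}")
        # bool is a subclass of int in Python, so reject it explicitly.
        if not isinstance(payload[key], typ) or isinstance(payload[key], bool):
            raise ValueError(f"field {key!r} has wrong type")
    if payload["provider"] != expected_lidp:
        raise ValueError("provider tag does not match the lidp being shared")
    if payload["token_type"] != "Bearer":
        raise ValueError("token_type must be Bearer")
    if payload["expires_in"] <= 0:
        raise ValueError("expires_in must be positive")
    if "refresh_token" in payload and not isinstance(payload["refresh_token"], str):
        raise ValueError("refresh_token must be a string when present")
    return payload

def evidence_error(payload_json: str, expected_lidp: str):
    """Convenience wrapper: the validation error message, or None if valid."""
    try:
        validate_evidence(payload_json, expected_lidp)
        return None
    except ValueError as exc:  # json.JSONDecodeError is a ValueError too
        return str(exc)

def token_is_live(payload: dict, issued_at: int, now: int) -> bool:
    """expires_in is relative to issue time, so the receiving IA must know when
    the evidence was minted before treating the access_token as usable."""
    return now < issued_at + payload["expires_in"]

# Constructed sample inputs (placeholder values, not real tokens or accounts).
SAMPLE_PROFILE = {"login": "flzpace", "id": 12345}
SAMPLE_EVIDENCE = json.dumps({
    "provider": "github",
    "access_token": "ACCESS_TOKEN_PLACEHOLDER",
    "token_type": "Bearer",
    "expires_in": 3600,
    "scope": "read:user",
})

if __name__ == "__main__":
    print(build_raw_identifier("github", SAMPLE_PROFILE))
    ev = validate_evidence(SAMPLE_EVIDENCE, "github")
    print(token_is_live(ev, issued_at=1_700_000_000, now=1_700_001_000))
    print(evidence_error(SAMPLE_EVIDENCE, "google"))
```

The provider check is the important one for cross-IA sharing: a payload whose "provider" field does not match the lidp the user claims to be sharing is rejected outright, and expires_in is only meaningful alongside the time the evidence was issued, which the base schema does not carry and the receiving IA must obtain from its own exchange.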