Can somebody please tell me how lemmy implements auth? If I sign-up to an instance, who manages the login credentials for my account to validate login attempts? If it’s with the instance manager, am I at the mercy of the instance to keep my login credentials safe? What about when logging in with 3rd party apps like voyager or alexandrite, are my login credentials passed to those 3rd party apps in clear text to validate with the instance that hosts my account.
Ideally, I would want the auth to be handled by one centralized authority that I can trust to keep my credentials safe, instead of trusting instance managers or 3rd party apps not only to store my credentials but to validate auth as well. Is that something that can be implemented for each ActivityPub software? As in auth for all instances of lemmy is handled by lemmy, mastodon by mastodon, misskey by misskey, etc.
E: I’m talking about user authentication, in case that wasn’t clear.
E2: This discussion would be more suited on each software’s development platform. But I will leave it here to get other people’s perspectives.
host your own instance and be your own authority.