Mastodon + XMPP + SIP
This is an idea. I haven’t looked at actually doing it yet, but I might.
Mastodon needs complimentary instant messaging and I’ve been thinking about how this might be achieved. XMPP and SIP are great federated protocols and it’s possible to use the same domain used for Mastodon for these through SRV records.
Authentication for XMPP and SIP is based on passwords. Mastodon could be extended to write out password hashes to a database to have one password for each service per device. You could then have those servers query the database and check password hashes. I’m not sure what the security properties of this would be compared to OAuth, but I think it’s similar just without the in-band setup.