micropublish icon indicating copy to clipboard operation
micropublish copied to clipboard

Published 20 hours ago verified publisher icon barryf

Support handling expired/revoked tokens

Open jamietanna opened this issue 3 years ago • 0 comments

Something that's been discussed a bit in the past, and we're starting to see more adoption of, is expiring tokens in IndieAuth.

This would see an IndieAuth Resource Server, in this case the Micropub Server, returning HTTP 401 or HTTP 403s for bad authentication sent by the client, in the case that the token is no longer valid.

This would require handling these errors, and sending the user through a fresh authorization journey to receive new tokens.

As we're starting to see servers supporting this, it'd be good to have one of the more popular clients supporting this!

Related reading:

  • https://github.com/indieweb/indieauth/issues/81
  • https://github.com/indieweb/Micropub/issues/5
  • https://github.com/w3c/Micropub/issues/107

jamietanna avatar Jul 11 '21 08:07 jamietanna