indieauth
indieauth copied to clipboard
IndieAuth Specification
IndieAuth [registers](https://indieauth.spec.indieweb.org/#iana-considerations) 3 link relations: `authorization_endpoint`, `token_endpoint`, and `redirect_uri`. Additionally it requires both [clients](https://indieauth.spec.indieweb.org/#discovery-by-clients) and [servers](https://indieauth.spec.indieweb.org/#redirect-url) to check HTTP `Link` headers for URLs with these relations. According to [RFC 5988](https://tools.ietf.org/html/rfc5988)...
https://datatracker.ietf.org/doc/html/rfc8707 is the resource indicator specification Suggest, unlike the specification, that resource optionally be in the return...that would allow an endpoint not requesting any specific resource to be told what...
The IndieAuth spec should expressly note a requirement of HTTPS for endpoints.
This issue was created in response to [a discussion in #indieweb-dev](https://chat.indieweb.org/dev/2018-08-19). The essentials should be summarised here, but for full context, see the chat logs [starting at 11:31](https://chat.indieweb.org/dev/2018-08-19#t1534678280193900), ending [around...
Want to start discussing this. Proposing a simplified way for a client to get access to the token secured by the ticket endpoint. Starting with the autoauth solution, suggest that...
(copying from the wiki) Would a token grant access to anything more specific than the provided resource, or would it be only for that specific resource? (e.g. should a token...
More strictly define the requests we expect clients to send to the endpoints, outside of just the (generally treated as non-normative) examples. This adds: 1. The requirement for an HTTP...
Since in-the-wild implementations also sometimes use/default to form-encoded in some places this spec requires JSON responses, it might make sense to state that clients SHOULD/MUST set an `Accept: application/json` header....
According to https://indieauth.spec.indieweb.org/#client-identifier > Client identifier URLs ... MUST contain a path component Example clients which provide no path component in client_id: 1. indiebookclub.biz 2. indigenous.realize.be (Indigenous for Android, as...