David Somers

It is 2023, the world has changed since the web was born: https is cheap, efficient, and ubiquitous, so yes, can we just move to https (and preferably tls 1.2...

If the introspection endpoint needs some assurance that the client is genuine, probably the easiest thing to do is include the `code_verifier` in the request (in the body ideally or...

The device needs to ask the user for their domain, then does endpoint discovery per [§4.1.1 IndieAuth](https://indieauth.spec.indieweb.org/#indieauth-server-metadata), then initiates the request per [§3.1 RFC8628](https://datatracker.ietf.org/doc/html/rfc8628#section-3.1) - What does the device use...

> the issuer URL What URL is this? > should probably also What are you trying to say? Your phrasing here and elsewhere is extremely difficult to understand.

> provided during as Care to re-phrase that? > returned by the authorization endpoint You mean the IndieAuth Server Metadata. And must have a metadata header conflicts with the case...

> Also, it doesn't note well-known as a fallback in the spec specifically. The spec specifically states: > For compatibility with other OAuth 2.0 implementations, use of the .well-known path...

This would be so useful to have. I have some pages where Safari's Reader mode doesn't quite get things right, and would ideally hide some things that are not relevant...

@rthrejheytjyrtj545 we’re discussing adding a media query so things can be done, specifically, when a browser is showing its reader mode.

Just because a spec says something it doesn't necessarily mean it is correct (erratum exist for a reason). Is there a way to get confirmation that it is strictly 32...

The entry that is causing problems is "aaid": "0056#0002" ("PixelPin - Picture Login") and, unless I am mistaken, this is the only entry with a userVerificationDetails.paDesc.minComplexity value; it has also...