55°F

Aaron Parecki

  • Articles
  • Notes
  • Photos
  • 00dani https://github.com/00dani   •   Jun 24

    #19 Allow the 'me' parameter to authorization endpoints to be omitted?

    Aaron Parecki

    Thanks for the writeup!

    This is a really good point. The me parameter in the request is really more of a hint, since the authorization server will ultimately return the final me value at the end of the flow. The client just has to verify that it's on the same domain that was used to discover the authorization endpoint.

    I implemented an IndieAuth server into my website quite a while ago, so I checked the code there. It turns out I had some code that verified the me parameter was in the request, but it actually completely ignores that value after that. Since my site is a single-user site, it's always going to return https://aaronparecki.com/ as the profile URL at the end.

    I'm inclined to make a change to the spec that says clients SHOULD include the me in the authorization request, but that the authorization server should not require the parameter. I do like that it helps IndieAuth be more in line with OAuth 2.0.

    Portland, Oregon, USA • 72°F
    Sun, Jun 24, 2018 10:50am -07:00
Posted in /replies using quill.p3k.io

Hi, I'm Aaron Parecki, Director of Identity Standards at Okta, and co-founder of IndieWebCamp. I maintain oauth.net, write and consult about OAuth, and participate in the OAuth Working Group at the IETF. I also help people learn about video production and livestreaming. (detailed bio)

I've been tracking my location since 2008 and I wrote 100 songs in 100 days. I've spoken at conferences around the world about owning your data, OAuth, quantified self, and explained why R is a vowel. Read more.

  • Director of Identity Standards at Okta
  • IndieWebCamp Founder
  • OAuth WG Editor
  • OpenID Board Member

  • 🎥 YouTube Tutorials and Reviews
  • 🏠 We're building a triplex!
  • ⭐️ Life Stack
  • ⚙️ Home Automation
  • All
  • Articles
  • Bookmarks
  • Notes
  • Photos
  • Replies
  • Reviews
  • Trips
  • Videos
  • Contact
© 1999-2025 by Aaron Parecki. Powered by p3k. This site supports Webmention.
Except where otherwise noted, text content on this site is licensed under a Creative Commons Attribution 3.0 License.
IndieWebCamp Microformats Webmention W3C HTML5 Creative Commons
WeChat ID
aaronpk_tv