In order to continue the OAuth compatibility, this would also ... • Aaron Parecki

57°F

00dani https://github.com/00dani • Jun 24

#19 Allow the 'me' parameter to authorization endpoints to be omitted?

In order to continue the OAuth compatibility, this would also mean that the code exchange (token request) step would need to work without the me parameter as well.

This breaks the ability to use a shared token endpoint between users, since the token endpoint wouldn't know how to verify the authorization code without the me URL at that point. The workaround for shared token endpoints is to have a per-user token endpoint URL, like tokens.indieauth.com/user.example.com/token kind of like how I have per-user webmention endpoints on webmention.io. I'm not sure I'm super happy about this though.

Portland, Oregon, USA • 74°F

Sun, Jun 24, 2018 11:20am -07:00

Have you written a response to this? Let me know the URL:

Posted in /replies using quill.p3k.io