There needs to be a function that an App can call within IndieWebKit that builds and makes the Authentication Request. It will need to be able to customize the callback per app.
The client builds the authentication request URL by starting with the discovered authorization_endpoint URL and adding the following parameters to the query component:
me - The user's profile URL
client_id - The client URL
redirect_uri - The redirect URL indicating where the user should be redirected to after approving the request
state - A parameter set by the client which will be included when the user is redirected back to the client. This is used to prevent CSRF attacks. The authorization server MUST return the unmodified state value back to the client.
response_type=id - (optional) Indicates to the authorization server that this is an authentication request. If this parameter is missing, the authorization endpoint MUST default to id.
Also during this we will want to handle adding support for PKCE:
The client establishes its identity by generating a random secret.
When the client redirects the user to the authorization server, it includes a one-way hashed version of this secret, known as the code_challenge, which the server will store, along with a code_challenge_method describing the hashing algorithm used to make the hash.
This is almost entirely finished. The framework, since it is multi-platform, is breaking on using ASWebAuthenticationSession, so that needs to be figured out.
https://indieauth.spec.indieweb.org/#authentication-request