fix(indiekit): send query not body to token endpoint

packages/indiekit/lib/indieauth.js

@@ -61,19 +61,17 @@ export const IndieAuth = class {
   async authorizationCodeGrant(tokenEndpoint, code) {
     try {
       const tokenUrl = new URL(tokenEndpoint);
+      tokenUrl.searchParams.append("client_id", this.clientId);
+      tokenUrl.searchParams.append("code", code);
+      tokenUrl.searchParams.append("code_verifier", this.codeVerifier);
+      tokenUrl.searchParams.append("grant_type", "authorization_code");
+      tokenUrl.searchParams.append("redirect_uri", this.redirectUri);
+
       const endpointResponse = await fetch(tokenUrl.href, {
         method: "POST",
         headers: {
           accept: "application/json",
-          "content-type": "application/json",
         },
-        body: JSON.stringify({
-          client_id: this.clientId,
-          code,
-          code_verifier: this.codeVerifier,
-          grant_type: "authorization_code",
-          redirect_uri: this.redirectUri,
-        }),
       });
 
       const body = await endpointResponse.json();

packages/indiekit/tests/unit/indieauth.js

@@ -44,7 +44,10 @@ test("Exchanges authorization code for access token", async (t) => {
 
 test("Throws error exchanging authorization code for invalid access token", async (t) => {
   await t.throwsAsync(
-    indieauth.authorizationCodeGrant("https://token-endpoint.example", "code"),
+    indieauth.authorizationCodeGrant(
+      "https://token-endpoint.example",
+      "invalid"
+    ),
     {
       message: "The token endpoint did not return the expected parameters",
     }
@@ -65,7 +68,7 @@ test("Throws error exchanging invalid code for access token", async (t) => {
 
 test("Throws error exchanging authorization code during request", async (t) => {
   await t.throwsAsync(
-    indieauth.authorizationCodeGrant("https://token-endpoint.example", "code"),
+    indieauth.authorizationCodeGrant("https://token-endpoint.example", "404"),
     {
       message: "Not Found",
     }