Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Application Information is web application specific #123

Open
omz13 opened this issue Oct 4, 2023 · 5 comments
Open

Application Information is web application specific #123

omz13 opened this issue Oct 4, 2023 · 5 comments

Comments

@omz13
Copy link

omz13 commented Oct 4, 2023

In 4.2.1 it is implicit that the application is a web application.

This should be re-written to take into account that there are device-based applications too.
@sknebel
Copy link
Member

sknebel commented Oct 8, 2023

No, it merely implies that a website about the application exists?

@omz13
Copy link
Author

omz13 commented Nov 13, 2023

Yes, it implies/is implicit. I'm simply saying it should be made explicit (since the world does not only comprise web-based apps). And, if you have a device app it means you have to have a corresponding web site so the AS can have a source of mf2+html to work with when presenting the user their options per §4.2.1 IndieAuth.

This was originally raised by somebody on SocialCG who bothered to read IndieAuth with a fresh set of eyes.

@jalcine
Copy link

jalcine commented Nov 27, 2023

I've been wondering about this (especially for things like posting from my SteamDeck - which doesn't need a website nor does it have a URL). To sknebel's point, I'd opted in my notes to make a URL on my site that it'll advertise.

What kind of things are you considering this for? And how should the spec define retriveal of app info outside of fetching it from the MF2+HTML of one's client URL?

(Originally published at: https://jacky.wtf/2023/11/ZHoI)

@omz13
Copy link
Author

omz13 commented Nov 29, 2023

@jalcine The logic goes: all clients are web apps, therefore there is always a website from which an AS can find some mf2+html and parse out some app info (h-app) to present to the user during the authorization flow. As we both have device apps, this is where this logic breaks down. As I have my own AS and device-based apps I can and do extend and deviate from the spec because that way I get to have a working solution.

@dshanske
Copy link
Member

@omz13 I concur with @sknebel . It doesn't assume there is a webapp. It assumes there is a website about an application that can be used as its client_id and that URL is where application specific data.

It never says that the client must be a web app, just that the ID must be a URL and application information should be discoverable at that URL.

Is your request that it expressly say that the URL is solely for this purpose and the application does not need to function from that location?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@omz13 @jalcine @sknebel @dshanske