barryf / micropublish

A Micropub client that you can use to create, update, delete and undelete content on your Micropub-enabled website.
https://micropublish.net
MIT License

Improve IndieAuth spec compliance #55

Closed barryf closed 3 years ago

barryf commented 3 years ago

Closes #54

barryf commented 3 years ago

@jamietanna Does this new version work correctly with your new IndieAuth server? It should support PKCE.

jamietanna commented 3 years ago

I'm seeing a fail with `400 received from token endpoint.` on redirect with code, so possibly not - I'll have a look my side, is there anything you can check in your logs to see what went wrong?

jamietanna commented 3 years ago

Looks like I'm not happy with the PKCE :thinking:

jamietanna commented 3 years ago

Looks like the challenge you're sending has Base64 padding `=`s which aren't allowed - you'll need to strip them before you send them, otherwise servers will reject it

barryf commented 3 years ago

This is how I construct the `code_challenge` in Ruby. It seems to follow the spec's method, although I may need to do some more reading.

```ruby
code_challenge = Base64.urlsafe_encode64(
  Digest::SHA256.hexdigest(code_verifier)
)
```

jamietanna commented 3 years ago

I had this as well on the server side, I think when you compute that, you need to `gsub(/=/, '')`

barryf commented 3 years ago

Ah, good spot re: the "=" added. I'll strip them. Thanks :+1:
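
The PKCE computation this thread is about, as an added Ruby example that is not part of the original thread or of micropublish's code: RFC 7636 defines the S256 `code_challenge` as the unpadded base64url encoding of the raw SHA-256 digest, so the sketch compares that with the padded form and with encoding the hex digest as in the posted snippet. The helper names and the `pkce_valid?` server-side check are hypothetical; the sample pair is the test vector from RFC 7636 Appendix B.

```ruby
require 'base64'
require 'digest'
require 'securerandom'

# RFC 7636 section 4.1: a verifier is 43-128 characters from the unreserved set.
VERIFIER_RE  = /\A[A-Za-z0-9\-._~]{43,128}\z/
# An S256 challenge is exactly 43 base64url characters and carries no "=".
CHALLENGE_RE = /\A[A-Za-z0-9\-_]{43}\z/

# Constructed sample input: the verifier/challenge pair from RFC 7636 Appendix B.
RFC_VERIFIER  = 'dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk'
RFC_CHALLENGE = 'E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM'

# Client: 32 random bytes encode to a 43-character unpadded verifier.
def new_code_verifier
  SecureRandom.urlsafe_base64(32)
end

# Client: BASE64URL(SHA256(verifier)) over the raw 32-byte digest, unpadded.
def s256_challenge(code_verifier)
  raise ArgumentError, 'invalid code_verifier' unless VERIFIER_RE.match?(code_verifier)
  Base64.urlsafe_encode64(Digest::SHA256.digest(code_verifier), padding: false)
end

# Variant with Ruby's default padding: same value plus a trailing "=".
def padded_challenge(code_verifier)
  Base64.urlsafe_encode64(Digest::SHA256.digest(code_verifier))
end

# Variant that encodes the 64-character hex string: 88 characters ending "==".
def hex_challenge(code_verifier)
  Base64.urlsafe_encode64(Digest::SHA256.hexdigest(code_verifier))
end

# Server (hypothetical helper): compare the verifier presented at the token
# endpoint with the challenge stored during the authorization request.
def pkce_valid?(stored_challenge, code_verifier)
  return false unless stored_challenge.is_a?(String) && CHALLENGE_RE.match?(stored_challenge)
  return false unless code_verifier.is_a?(String) && VERIFIER_RE.match?(code_verifier)
  expected = s256_challenge(code_verifier)
  # Constant-time compare; both strings are 43 bytes once the checks pass.
  expected.bytes.zip(stored_challenge.bytes).reduce(0) { |d, (a, b)| d | (a ^ b) }.zero?
end

if __FILE__ == $PROGRAM_NAME
  puts "correct: #{s256_challenge(RFC_VERIFIER)}"
  puts "padded:  #{padded_challenge(RFC_VERIFIER)}"
  puts "hex:     #{hex_challenge(RFC_VERIFIER)}"
end
```

A strict server check like `pkce_valid?` rejects both the padded and the hex-based challenge, which surfaces to the client as a failed token request.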