Application Information is web application specific

[omz13]

In 4.2.1 it is implicit that the application is a web application.

This should be re-written to take into account that there are device-based applications too.

[sknebel]

No, it merely implies that a website about the application exists?

[omz13]

Yes, it implies/is implicit. I'm simply saying it should be made explicit (since the world does not only comprise web-based apps). And, if you have a device app it means you have to have a corresponding web site so the AS can have a source of mf2+html to work with when presenting the user their options per §4.2.1 IndieAuth.

This was originally raised by somebody on SocialCG who bothered to read IndieAuth with a fresh set of eyes.

[jalcine]

I've been wondering about this (especially for things like posting from my SteamDeck - which doesn't need a website nor does it have a URL). To sknebel's point, I'd opted in my notes to make a URL on my site that it'll advertise.

What kind of things are you considering this for? And how should the spec define retriveal of app info outside of fetching it from the MF2+HTML of one's client URL?

(Originally published at: https://jacky.wtf/2023/11/ZHoI)

[omz13]

@jalcine The logic goes: all clients are web apps, therefore there is always a website from which an AS can find some mf2+html and parse out some app info (h-app) to present to the user during the authorization flow. As we both have device apps, this is where this logic breaks down. As I have my own AS and device-based apps I can and do extend and deviate from the spec because that way I get to have a working solution.

[dshanske]

@omz13 I concur with @sknebel . It doesn't assume there is a webapp. It assumes there is a website about an application that can be used as its client_id and that URL is where application specific data.

It never says that the client must be a web app, just that the ID must be a URL and application information should be discoverable at that URL.

Is your request that it expressly say that the URL is solely for this purpose and the application does not need to function from that location?