Open omz13 opened 9 months ago
This brings in a point...what differences would an IndieAuth implementation need from a standard implementation of the RFC?
We added in refresh token flow and PKCE for security reasons.
The device needs to ask the user for their domain, then does endpoint discovery per §4.1.1 IndieAuth, then initiates the request per §3.1 RFC8628
add per RFC8628