indieweb / indieauth

IndieAuth.net website code and IndieAuth Specification

Add Device Flow / Device Authorization Grant #124

Open omz13 opened 9 months ago

omz13 commented 9 months ago

add per RFC8628

dshanske commented 7 months ago

This brings in a point...what differences would an IndieAuth implementation need from a standard implementation of the RFC?

We added in refresh token flow and PKCE for security reasons.

omz13 commented 7 months ago

The device needs to ask the user for their domain, then does endpoint discovery per §4.1.1 IndieAuth, then initiates the request per §3.1 RFC8628
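The sequence described in the last comment, as an added example that is not part of the thread or the IndieAuth code base: find the `indieauth-metadata` link on the user's page, read the metadata document, and build the RFC 8628 §3.1 device authorization request. It assumes the server advertises `device_authorization_endpoint` (the metadata name registered by RFC 8628) in its IndieAuth metadata, which the IndieAuth specification does not define; it covers HTML `<link>` discovery only, and all URLs and documents are constructed samples.

```python
import json
from html.parser import HTMLParser
from urllib.parse import urlencode, urljoin, urlsplit

# Constructed sample inputs (not taken from a real server).
PROFILE_URL = "https://user.example/"
PROFILE_HTML = ('<html><head><link rel="indieauth-metadata" '
                'href="/.well-known/oauth-authorization-server"></head></html>')
METADATA_JSON = json.dumps({
    "issuer": "https://user.example/",
    "authorization_endpoint": "https://user.example/auth",
    "token_endpoint": "https://user.example/token",
    # Assumption: the server lists the RFC 8628 endpoint in its metadata.
    "device_authorization_endpoint": "https://user.example/device",
})

class RelFinder(HTMLParser):
    """Records the href of the first <link> carrying the wanted rel value."""
    def __init__(self, rel):
        super().__init__()
        self.rel, self.href = rel, None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        rels = (a.get("rel") or "").split()
        if tag == "link" and self.href is None and self.rel in rels:
            self.href = a.get("href")

def find_metadata_url(profile_url, html):
    """Resolve the indieauth-metadata link relative to the user's profile URL."""
    finder = RelFinder("indieauth-metadata")
    finder.feed(html)
    if finder.href is None:
        raise ValueError("profile page has no indieauth-metadata link")
    return urljoin(profile_url, finder.href)

def device_request(metadata_json, client_id, scope):
    """Return (endpoint, form body) for the RFC 8628 section 3.1 POST."""
    endpoint = json.loads(metadata_json).get("device_authorization_endpoint")
    if not endpoint:
        raise ValueError("server does not advertise a device authorization endpoint")
    if urlsplit(endpoint).scheme != "https":
        # RFC 8628 requires TLS for all requests from the device.
        raise ValueError("device authorization endpoint must use https")
    # Sent as application/x-www-form-urlencoded; client_id is the app's URL in IndieAuth.
    return endpoint, urlencode({"client_id": client_id, "scope": scope})
```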