Open samuelgoto opened 1 month ago
This is the older language which might be confusing, but the link from the service back to the user's site is still important. It just doesn't have to have the rel=me on the service like GitHub/Twitter anymore. It will use the profile info it gets from the OAuth API of the service to confirm the link back.
The bidirectional link is important though, although I'm not finding a good explanation of why at the moment, it might be in the chat logs linked from here https://indieweb.org/RelMeAuth#FAQ
Do note that the whole rel=me thing is not part of IndieAuth at all though, it's how this particular IndieAuth provider authenticates the user. Other IndieAuth servers might authenticate the user in other ways
I'm implementing an IndieAuth client and got a bit stuck following parts of the instructions.
Step (2) is catching me by surprise here:
Why is Step (2) necessary?
Isn't it sufficient to discover the
rel=me
links and use OAuth to prove that a user owns those links?