indieweb / indieauth

IndieAuth.net website code and IndieAuth Specification

Adopt Pushed Authorization Requests #40

Open aaronpk opened 3 years ago

aaronpk commented 3 years ago

Pushed Authorization Requests is still an early OAuth 2.0 draft, but is a good candidate for IndieAuth as well, as it provides better overall security.

Instead of first building a URL with the authorization request and redirecting the user's browser to that URL, the first step is to send a POST with the request details to the authorization endpoint, and then to redirect the user's browser to the authorization endpoint with an opaque string returned from the previous step.
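
The two-step flow described in the comment above, sketched as an added example (not part of the original thread and not code from IndieAuth.net or any participant's server). It assumes the `request_uri` / `expires_in` response and the `client_id` + `request_uri` redirect defined in RFC 9126; the class and function names, the example URLs and the 60-second lifetime are constructed for illustration.

```python
import secrets
import time
from urllib.parse import urlencode

URN_PREFIX = "urn:ietf:params:oauth:request_uri:"  # form used in RFC 9126 examples

class PushedRequestStore:
    """Authorization-server side (hypothetical class): holds pushed requests."""

    def __init__(self, ttl=60, clock=time.time):  # 60 s lifetime is an assumption
        self.ttl, self.clock, self._pending = ttl, clock, {}

    def push(self, params):
        """Step 1, back channel: the client POSTs the full request details."""
        if "request_uri" in params:
            raise ValueError("request_uri is not allowed in a pushed request")
        missing = [k for k in ("client_id", "redirect_uri") if k not in params]
        if missing:
            raise ValueError("missing parameters: " + ", ".join(missing))
        request_uri = URN_PREFIX + secrets.token_urlsafe(32)  # opaque, unguessable
        self._pending[request_uri] = (dict(params), self.clock() + self.ttl)
        return {"request_uri": request_uri, "expires_in": self.ttl}

    def resolve(self, query):
        """Step 2, front channel: the browser arrives with only the reference."""
        entry = self._pending.pop(query.get("request_uri"), None)  # single use
        if entry is None:
            raise LookupError("unknown or already used request_uri")
        params, expires_at = entry
        if self.clock() > expires_at:
            raise LookupError("request_uri expired")
        if query.get("client_id") != params["client_id"]:
            raise PermissionError("request_uri was issued to a different client")
        return params  # the server acts on what was pushed, not on the URL

def authorization_redirect(authorization_endpoint, client_id, pushed):
    """Client side: the URL the user's browser is sent to after the push."""
    query = {"client_id": client_id, "request_uri": pushed["request_uri"]}
    return authorization_endpoint + "?" + urlencode(query)
```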

aaronpk commented 3 years ago

Removing this from the GitHub milestone for now while we focus on the current open issues we discussed at the popup.

aaronpk commented 3 years ago

Leaving this issue open for future discussions.

jamietanna commented 3 years ago

I have partially implemented this as part of my new IndieAuth server.

(Originally published at: https://www.jvt.me/mf2/2020/12/mlcei/)

jamietanna commented 2 years ago

This is now an official spec, RFC9126.

jalcine commented 7 months ago

Planning on adding this to sele.jalcine.dev in its major release. It'll make CLI apps and mobile apps quite a bit easier to craft.

(Originally published at: https://jacky.wtf/2023/11/iQTR)