Closed aaronpk closed 3 years ago
Related #31
Micro.blog now includes profile
too.
Implemented now in Singulus for GET /indieauth/token
, POST /indieauth/token
, and POST /indieauth/authorize
https://github.com/craftyphotons/singulus/commit/d1cf38ddb0bbad08d2240a00f10a077d00738d2c
This was discussed at the IndieAuth Popup Session, and the outcome of the discussion was:
profile
scopeemail
property and scopeemail
returned can lead to security holes)I'm starting to write the text for this, and realizing now that by not actually tying this vocabulary to jf2 or mf2, the type: card
property is kind of redundant. The data here will always be from the h-card vocabulary anyway, so there doesn't seem to be any reason to include that property. Anyone opposed to just leaving that out since the IndieAuth spec is going to be defining the specific properties to be returned in the object anyway?
There are some experiments of returning profile information in exchange for an authorization code in the response directly, simplifying the development of clients.
e.g.
This can be returned whether or not an access token is also returned.