issues
search
indieweb
/
indieauth
IndieAuth.net website code and IndieAuth Specification
52
stars
7
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
Add section about accessing protected resources
#89
aaronpk
closed
2 years ago
1
Extension to Allow Clients to Get Tokens Secured by Ticket
#88
dshanske
opened
2 years ago
5
Standard mechanism for requesting a ticket auth ticket grant?
#87
fluffy-critter
opened
2 years ago
11
Do the security considerations of Token Introspection apply to IndieAuth Token Verification?
#86
Zegnat
closed
1 month ago
4
Do we need to add client_id to ticket auth requests?
#85
aaronpk
opened
2 years ago
3
Any provision for providing an expiry time as part of the granted ticket?
#84
aaronpk
closed
9 months ago
10
Should a token grant access to anything more specific than the specified resource?
#83
aaronpk
opened
3 years ago
1
Adopt Resource Indicators or similar system to limit token access to resources
#82
dshanske
opened
3 years ago
7
Adopt Expiration and Refresh Tokens into the Spec
#81
dshanske
closed
2 years ago
7
Add & to Example 6
#80
Zegnat
closed
2 years ago
0
Add & to Example 6
#79
Zegnat
closed
3 years ago
2
& missing in Example 6
#78
barnabywalters
closed
3 years ago
0
Clarify relationship between authorization_endpoint and token_endpoint in protocol flow diagram
#77
barnabywalters
closed
2 years ago
5
Client may provide the `client_id` in the Authorization header for the authorization code exchange
#76
jamietanna
closed
3 years ago
6
Fix: Correct broken links for GitHub
#75
jamietanna
closed
3 years ago
0
Fix: Re-add fragment links for "URL Canonicalization"
#74
jamietanna
opened
3 years ago
0
update changelog and publish new snapshot
#73
aaronpk
closed
3 years ago
0
use "hostname" instead of "domain" in main text
#72
aaronpk
closed
3 years ago
1
Provided URLs may not be Profile URLs.
#71
Zegnat
closed
3 years ago
0
Require Accept headers in requests.
#70
Zegnat
opened
3 years ago
2
Document breaking change in Change Log.
#69
Zegnat
closed
3 years ago
2
rephrase authorization server confirmation section
#68
aaronpk
closed
3 years ago
2
moves the differing profile urls section
#67
aaronpk
closed
3 years ago
0
new authorization server confirmation section
#66
aaronpk
closed
3 years ago
0
Clarify that discovery does not neccessarily start at a Profile URL
#65
Zegnat
closed
3 years ago
0
Clarify what an AS should display if no app information was discovered at the client ID URL
#64
aaronpk
opened
3 years ago
1
IndieAuth needs non-normative Privacy Threat Model documentation
#63
tantek
opened
3 years ago
0
Clarification on issueing token with profile scope
#62
Zegnat
closed
2 years ago
3
Document changelog that grant_type is now required
#61
dshanske
closed
3 years ago
3
update changelog
#60
aaronpk
closed
3 years ago
0
Adds PKCE, profile info, makes "me" optional in the request
#59
aaronpk
closed
3 years ago
4
Allow clients to always exchange authorization codes at the token endpoint
#58
aaronpk
closed
2 years ago
6
clean up previous version links
#57
aaronpk
closed
3 years ago
0
Remove requirement for same domain
#56
Zegnat
closed
3 years ago
11
Clarify redirection language
#55
fluffy-critter
closed
3 years ago
2
Editorial: "latest living" is redundant
#54
tantek
closed
3 years ago
0
Add recommendation to verify matching authorization_endpoint
#53
fluffy-critter
closed
3 years ago
17
use snapshot for dated version
#52
tantek
closed
3 years ago
0
fix CSS
#51
aaronpk
closed
3 years ago
0
minor fixes
#50
aaronpk
closed
3 years ago
0
Initial updates from IndieAuth popup session
#49
aaronpk
closed
3 years ago
0
heading editorial, latest version on spec.indieweb
#48
tantek
closed
3 years ago
0
editorial header update
#47
tantek
closed
3 years ago
0
living standard link to spec.indieweb
#46
tantek
closed
3 years ago
0
Discovery: Why not Webfinger ?
#45
grifdail
closed
3 years ago
5
Drop specification for communication between authorization and token endpoints.
#44
Zegnat
closed
3 years ago
4
Consider using OAuth Server Metadata
#43
aaronpk
closed
2 years ago
12
Consolidate authentication/authorization sections because they are actually the same
#42
aaronpk
closed
3 years ago
5
Include user profile information in response
#41
aaronpk
closed
3 years ago
5
Adopt Pushed Authorization Requests
#40
aaronpk
opened
3 years ago
5
Previous
Next