Commit Graph

8 Commits

Author SHA1 Message Date
Kyle Mahan 897c75848c bump version number
fixes #6
2017-11-04 18:31:05 -07:00
Kyle Mahan 7ce70f5cac update changelog 2016-03-18 12:28:00 -07:00
Kyle Mahan 6c2f5f3f6a Support discovering endpoints from HTTP Link headers
in addition to searching the body of the page.
2016-03-18 09:30:49 -07:00
Kyle Mahan 9fdd45a0de Do not burn auth codes by authenticating before requesting an access
token

This broke authorization for endpoints that only allow a code to be
used once (e.g. Known).

A side effect is that authorization no longer falls back to authentication
if the token endpoint does not exist or returns an error.
2016-01-27 07:24:55 -08:00
Kyle Mahan 3282bd76ba Replace next_url parameter with the more general and useful state 2015-12-13 19:50:54 -08:00
Kyle Mahan 69eb9ffb9a increment version 0.2.3 2015-06-21 22:40:44 -07:00
Kyle Mahan b714d8db93 do not cache endpoints
Caching these would have allowed a malicious or buggy
auth/token_endpoint combination to give you credentials for another
user's domain name.
2015-05-31 09:16:40 -07:00
Kyle Mahan 474458c623 added authentication-only flow
- Added a separate 'authenticate' flow to provide explicit support for
  calling out to indieauth without requesting any sort of access
  token.
- Redirect_url is now determined automatically based on the
  authenticated_handler or authorized_handler annotations
2015-02-07 09:40:31 -08:00