2017-03-06 UTC
# aaronpk we should not be training people to enter any sort of secret on arbitrary sites, so I'm also more inclined to support this method only when the user decides to establish a trusted relationship with indieauth.com (e.g. they've delegated their domain to use indieauth.com as their authorization endpoint)