• #dev 2019-10-08
  • Prev
    Next
  • #indieweb
  • #dev
  • #wordpress
  • #meta
  • #stream
  • #microformats
  • #known
  • #events
#dev ≡
  • ←
  • →
2019-10-08 UTC
# 02:37
[dmitshur] As I understand, it "should" happen and it's to be done by the authorization endpoint (i.e., part of step 4 in the diagram at https://indieweb.org/indieauth-for-login). The relevant section in the spec seems to be section 7.2, https://indieauth.spec.indieweb.org/#preventing-phishing-and-redirect-attacks.