2022-07-10 UTC
# vikanezrimaya And for sites using IndieAuth as identity consumers (which means they allow logging in through IndieAuth), they trust the authorization endpoint to provide correct details, but verify that the authorization endpoint belongs to whoever tries to authenticate by checking if their profile page contains a link to it