#[jacky]with indieauth, do we have a way to add a "note" to token verification requests? I'm thinking of something like having a read token but then alerting as to what you're using the token for. what I think works for me is passing along `resource` because https://datatracker.ietf.org/doc/html/rfc7662#section-2.1 isn't saying I can't
#[jacky]and this is part of a larger want to tie actions to specific auth requests for an audit log
#GWGresource is a word I wouldn't use because it has a usage in OAuth as a proposal.
#Loqi[preview] [BMO] SVG allows you to embed CSS.
CSS can detect dark mode.
Make your favicons in SVG!Simple example:<svg viewBox="0 0 16 16" xmlns="http://www.w3.org/2000/svg">
<style>
@media (prefers-color-scheme: dark) {
.r {fill: white}
}
</style>
...
geoffo, Renfield, [jacky], AramZS, [jeremycherfas] and CRISPR joined the channel
#Loqi[preview] [dshanske] Proposing this text.
`The ticket endpoint makes a GET or HEAD request to discover the metadata endpoint of the issuer property, to discover the token endpoint. The issuer property MUST allow for discovery of the metadata endpoint. If no issuer pro...
#gRegorHaven't thought in-depth on it yet. First question is whether `iss` is required. That phrasing implies it's optional.
tbbrown joined the channel
#gRegorWith it optional, feels like it makes a more complicated set of if/else scenarios to handle.
#gRegorOnly other thought is the discovery described there should probably link to and reference https://indieauth.spec.indieweb.org/#discovery-by-clients instead of repeating it. That section has all the details about link headers, redirects, relative urls, etc.
#gRegorRequiring `iss` and requiring that URL link to indieauth-metadata sounds good, but I'm interested to hear other implementers thoughts/experience.
#GWGWell, I think implementers so far would be Zegnat, jamietanna, sknebel and fluffy, other than the two of us, if I remember correctly, of parts of the flow.
#gRegorTrue, though I mean any IndieAuth server implementers. What sounds reasonable, too much, etc.
#gRegorThat list sounds correct to my recollection
#GWGThe other issue is the section is 'discovery by clients'
#GWGBut we also have discovery by Resource Servers, because the introspection endpoint is not meant to be used by clients..maybe the section should be rearranged a bit.
[Al_Abut] joined the channel
#gRegorMaybe that could be clarified in the ticketing section when linking to it, or maybe within that the dicovery by clients section if necessary. It seems like ticket_endpoint is behaving like a client in this specific case.
#GWGYes. I'm just saying we could also concurrently clarify the application there to loop in more effectively.