aaronpkugh yeah the most build process i'm willing to put up with is a package manager for server-side code. cause once i install the packages i need, i don't have to touch that again and can edit code all day long
GWGIs there a scenario where someone might have an authorization_endpoint header and not a token_endpoint header or vice-versa? I'm assuming if there is one, the other will be there.
aaronpkIn an early version of the spec you could do sign-on with only the authorization endpoint. That wasn't strictly following the OAuth protocol so we changed it. So now both are required for all the use cases
GWGThat's what I thought. This is my new discover_endpoints function, which looks for metadata, and then if not, extracts known rels into the same data structure so it can return it. So, if both aren't found, I'm considering it a failure
aaronpkOh and it is also possible to use other grant types with only the token endpoint but I suspect that doesn't have an actual use case with IndieAuth
GWGThis is all because the ticket endpoint acts similarly to a client in redeeming the ticket, so to avoid repeating code, I'm pulling out the client type code and then calling it for each function.
havacow Ah modern web dev... so over-engineered!
GWG aaronpk: Any chance of a quick review on https://github.com/indieweb/indieauth/pull/129
[tantek] Need to put this post somewhere high-up on "getting started as a developer" on the IndieWeb: https://manuelmoreale.com/more-new-mindsets-fewer-new-technologies