• #dev 2024-05-17
  • Prev
    Next
  • #indieweb
  • #dev
  • #wordpress
  • #meta
  • #stream
  • #microformats
  • #known
  • #events
#dev ≡
  • ←
  • →
2024-05-17 UTC
# 19:11
oblivxi0us
I'm reading the IndieAuth docs and one thing isn't fully clear to me: how does the token endpoint *know* whether the authorization code is valid and the code_verifier matches the code_challenge, without talking to the authorization endpoint? Do they need to be on the same server with some common database?