#aaronpkin indieauth, the user enters their website into the app so that the app can perform discovery on it to know where to send them. you can just completely ignore the "me" parameter in the first authorization request and user the current logged-in user ID instead.