use redirectURI as clientID for CLI auth #59

Merged 1 commit on Sep 4, 2024

martymcguire
Contributor

Currently, ek connect uses:

  • a client ID of https://p83.nl/microsub-client
  • a redirect URL of http://127.0.0.1:XXXXX (where XXXXX is the port it opened to listen on)

This means the redirect URL has a different host than the client ID. According to 4.2.2. Redirect URL of the living IndieAuth spec:

If a client wishes to use a redirect URL that has a different host than their client_id, or if the redirect URL uses a custom scheme (such as when the client is a native application), then the client will need to explicitly list those redirect URLs in the redirect_uri property of the client metadata so that authorization endpoints can be sure it is safe to redirect users there. Authorization endpoints verifying that a redirect_uri is allowed for use by a client MUST look for an exact match of the given redirect_uri in the request against the list of redirect_uris after resolving any relative URLs.

The currently specified client ID of https://p83.nl/microsub-client serves a 404 with no content, so IndieAuth cannot continue.

This PR works around the issue by reusing the redirect URL as the client ID.

Making these the same means IndieAuth providers don't need to try and fetch a list of allowed redirect_uris and, as a bonus, should not be fetching a client ID URL of http://127.0.0.1 anyway.

Tested against (my personal IndieAuth server derived from) Taproot/indieauth with aaronpk/Aperture as my Microsub server.
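
Added example, not part of the pull request or of any project named in it: a sketch of the check an authorization endpoint performs under the spec text quoted above, showing why the old client ID fails when its metadata cannot be fetched and why reusing the redirect URL as the client ID passes. `RedirectAllowed` and `sameOrigin` are hypothetical names, port 53211 is a constructed stand-in for XXXXX, and comparing scheme and port in addition to host is an assumption of this example.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// sameOrigin compares scheme, host and port. Comparing scheme and port is an
// assumption of this example; the quoted spec text names only the host.
func sameOrigin(a, b *url.URL) bool {
	return a.Scheme == b.Scheme &&
		strings.EqualFold(a.Hostname(), b.Hostname()) && a.Port() == b.Port()
}

// RedirectAllowed (hypothetical helper) decides whether an authorization
// endpoint may redirect to redirectURI for clientID. registered is the list of
// redirect URLs already read from the client metadata; it is nil when the
// client ID URL could not be fetched (for example, a 404).
func RedirectAllowed(clientID, redirectURI string, registered []string) (bool, error) {
	cid, err := url.Parse(clientID)
	if err != nil || !cid.IsAbs() {
		return false, fmt.Errorf("invalid client_id %q", clientID)
	}
	ruri, err := url.Parse(redirectURI)
	if err != nil || !ruri.IsAbs() {
		return false, fmt.Errorf("invalid redirect_uri %q", redirectURI)
	}
	if sameOrigin(cid, ruri) {
		return true, nil // same host as client_id: no metadata lookup needed
	}
	for _, r := range registered {
		ref, err := url.Parse(r)
		if err != nil {
			continue // skip unparsable entries instead of trusting them
		}
		// Resolve relative entries against client_id, then require an exact match.
		if cid.ResolveReference(ref).String() == ruri.String() {
			return true, nil
		}
	}
	return false, nil
}

func main() {
	cli := "http://127.0.0.1:53211" // constructed loopback redirect URL
	before, _ := RedirectAllowed("https://p83.nl/microsub-client", cli, nil)
	after, _ := RedirectAllowed(cli, cli, nil)
	fmt.Println("old client ID allowed:", before, "- redirect URL as client ID allowed:", after)
}
```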

@pstuifzand pstuifzand merged commit 7227349 into pstuifzand:dev Sep 4, 2024
1 check passed
@pstuifzand
Owner

Thank you for your contribution.

@martymcguire martymcguire deleted the mm/cli-auth-client-id branch September 4, 2024 19:42