Ecosyste.ms: OpenCollective

An open API service for software projects hosted on Open Collective.

github.com/indieweb/indieauth

IndieAuth.net website code and IndieAuth Specification
https://github.com/indieweb/indieauth

links in one list, update issues to this repo

tantek opened this pull request 6 months ago
Add JSON document to spec

dshanske opened this pull request 6 months ago
Any testing tools available?

anderspitman opened this issue 7 months ago
Why do we need to link back from services to home pages?

samuelgoto opened this issue 7 months ago
Looking to implement IndieAuth and have some questions

anderspitman opened this issue 7 months ago
Should `indieauth-metadata` be discoverable by DNS?

samuelgoto opened this issue 7 months ago
Update client information discovery method

aaronpk opened this issue 7 months ago
Usage of the Me Parameter in the Access Token Response

dshanske opened this issue about 1 year ago
Redirect URIs should move to Metadata Endpoint

dshanske opened this issue about 1 year ago
Add Extension Registry URL to spec.

dshanske opened this issue about 1 year ago
Move Definition of Issuer Identifier to the Identifier Section and Update References to RFC9207

dshanske opened this pull request about 1 year ago
Note that the Issuer Identifier URL Should Have the Metadata Headers

dshanske opened this issue about 1 year ago
Where does the ticket endpoint go looking for the token endpoint?

dshanske opened this issue about 1 year ago
Come Up with a Better Name for Ticket Auth

dshanske opened this issue about 1 year ago
Add Microsub as a conformance class

omz13 opened this issue about 1 year ago
Add Device Flow / Device Authorization Grant

omz13 opened this issue about 1 year ago
Application Information is web application specific

omz13 opened this issue about 1 year ago
Require explicitly specifying `redirect_uri` instead of allowing same-host URIs by default?

saschanaz opened this issue over 1 year ago
How can IndieAuth protect users against fake clients with webviews?

saschanaz opened this issue over 1 year ago
Is `state` still useful when PKCE is forced?

saschanaz opened this issue almost 2 years ago
Discourage use of insecure HTTP for client_id and redirect_uri?

saschanaz opened this issue almost 2 years ago
Clarified token response properties, updated examples

barnabywalters opened this pull request about 2 years ago
Include Cache-Control and Pragma headers in token exchange response example

barnabywalters opened this issue about 2 years ago
Clarify properties in access token grant response description and example

barnabywalters opened this issue over 2 years ago
Text improvement for §6.2 Access Token Verification Response

gRegorLove opened this issue over 2 years ago
Fix canoncalization -> canonicalization

hugopeixoto opened this pull request over 2 years ago
ticketing + ac-obo

omz13 opened this issue over 2 years ago
reference RFC 9207 instead of draft-ietf-oauth-iss-auth-resp

omz13 opened this issue almost 3 years ago
revocation_endpoint_auth_methods_supported is an array

omz13 opened this issue almost 3 years ago
Make IndieAuth object model similar to OIDC

stokito opened this issue almost 3 years ago
Simplify spec with OIDC

stokito opened this issue almost 3 years ago
Add missing quotation mark

jamietanna opened this pull request about 3 years ago
Add User Info Endpoint and Clarify Return

dshanske opened this pull request about 3 years ago
Call out IP based client_id should not be fetched

sebsel opened this pull request about 3 years ago
Discuss Creation of a User Info Endpoint Extension

dshanske opened this issue about 3 years ago
Move Revocation Endpoint to Metadata

dshanske opened this pull request about 3 years ago
Expressly Note a TLS/HTTPS requirement

dshanske opened this issue about 3 years ago
Introduce Server Metadata and Iss Parameter

dshanske opened this pull request about 3 years ago
Consider adopting `iss` parameter

aaronpk opened this issue about 3 years ago
Typo

angelogladding opened this issue about 3 years ago
Issuing Access Tokens for Introspection

dshanske opened this issue about 3 years ago
Make token endpoint overrides consistent

reiterate-app opened this issue about 3 years ago
Add note to Ticket auth that standard grant type fields be provided per spec

dshanske opened this issue about 3 years ago
Introduce Resource Indicators

dshanske opened this pull request about 3 years ago
Add section on accessing protected resources

dshanske opened this pull request over 3 years ago
Token Introspection

dshanske opened this pull request over 3 years ago
Add username attribute to profile response

reiterate-app opened this issue over 3 years ago
Add note on where to find the BASE64-URL-ENCODE algorithm

fluffy-critter opened this pull request over 3 years ago
Add a note of where to find the definition of base64-urlencoding

aaronpk opened this issue over 3 years ago
Refresh Tokens

dshanske opened this pull request over 3 years ago
Add section about accessing protected resources

aaronpk opened this issue over 3 years ago
Extension to Allow Clients to Get Tokens Secured by Ticket

dshanske opened this issue over 3 years ago
Standard mechanism for requesting a ticket auth ticket grant?

fluffy-critter opened this issue over 3 years ago
Do the security considerations of Token Introspection apply to IndieAuth Token Verification?

Zegnat opened this issue over 3 years ago
Do we need to add client_id to ticket auth requests?

aaronpk opened this issue over 3 years ago
Any provision for providing an expiry time as part of the granted ticket?

aaronpk opened this issue over 3 years ago
Should a token grant access to anything more specific than the specified resource?

aaronpk opened this issue over 3 years ago
Adopt Resource Indicators or similar system to limit token access to resources

dshanske opened this issue over 3 years ago
Adopt Expiration and Refresh Tokens into the Spec

dshanske opened this issue over 3 years ago
Add & to Example 6

Zegnat opened this pull request over 3 years ago
Add & to Example 6

Zegnat opened this pull request over 3 years ago
& missing in Example 6

barnabywalters opened this issue over 3 years ago
Clarify relationship between authorization_endpoint and token_endpoint in protocol flow diagram

barnabywalters opened this issue over 3 years ago
Client may provide the `client_id` in the Authorization header for the authorization code exchange

jamietanna opened this issue almost 4 years ago
Fix: Correct broken links for GitHub

jamietanna opened this pull request about 4 years ago
Fix: Re-add fragment links for "URL Canonicalization"

jamietanna opened this pull request about 4 years ago
update changelog and publish new snapshot

aaronpk opened this pull request about 4 years ago
use "hostname" instead of "domain" in main text

aaronpk opened this pull request about 4 years ago
Provided URLs may not be Profile URLs.

Zegnat opened this pull request about 4 years ago
Require Accept headers in requests.

Zegnat opened this pull request about 4 years ago
Document breaking change in Change Log.

Zegnat opened this pull request about 4 years ago
rephrase authorization server confirmation section

aaronpk opened this pull request about 4 years ago
moves the differing profile urls section

aaronpk opened this pull request about 4 years ago
new authorization server confirmation section

aaronpk opened this pull request about 4 years ago
Clarify that discovery does not neccessarily start at a Profile URL

Zegnat opened this issue about 4 years ago
Clarify what an AS should display if no app information was discovered at the client ID URL

aaronpk opened this issue about 4 years ago
IndieAuth needs non-normative Privacy Threat Model documentation

tantek opened this issue about 4 years ago
Clarification on issueing token with profile scope

Zegnat opened this issue about 4 years ago
Document changelog that grant_type is now required

dshanske opened this issue about 4 years ago
update changelog

aaronpk opened this pull request about 4 years ago
Adds PKCE, profile info, makes "me" optional in the request

aaronpk opened this pull request about 4 years ago
Allow clients to always exchange authorization codes at the token endpoint

aaronpk opened this issue about 4 years ago
clean up previous version links

aaronpk opened this pull request about 4 years ago
Remove requirement for same domain

Zegnat opened this pull request over 4 years ago
Clarify redirection language

fluffy-critter opened this pull request over 4 years ago
Editorial: "latest living" is redundant

tantek opened this pull request over 4 years ago
Add recommendation to verify matching authorization_endpoint

fluffy-critter opened this pull request over 4 years ago
use snapshot for dated version

tantek opened this pull request over 4 years ago
fix CSS

aaronpk opened this pull request over 4 years ago
minor fixes

aaronpk opened this pull request over 4 years ago
Initial updates from IndieAuth popup session

aaronpk opened this pull request over 4 years ago
heading editorial, latest version on spec.indieweb

tantek opened this pull request over 4 years ago
editorial header update

tantek opened this pull request over 4 years ago
living standard link to spec.indieweb

tantek opened this pull request over 4 years ago
Discovery: Why not Webfinger ?

grifdail opened this issue over 4 years ago
Drop specification for communication between authorization and token endpoints.

Zegnat opened this issue over 4 years ago
Consider using OAuth Server Metadata

aaronpk opened this issue over 4 years ago
Consolidate authentication/authorization sections because they are actually the same

aaronpk opened this issue over 4 years ago
Include user profile information in response

aaronpk opened this issue over 4 years ago
Adopt Pushed Authorization Requests

aaronpk opened this issue over 4 years ago