authorVika <vika@fireburn.ru>2025-01-03 14:05:02 +0300
committerVika <vika@fireburn.ru>2025-01-03 14:05:02 +0300
commite8aa12a52afa46dc9d0533b82c510f7178440ab3 (patch)
tree2f9eac49d07ea439faa01fd5d3745851624ff5d6
parentdb845e8cc6e3802ed8dde04f9c2aab078e36417d (diff)
downloadkittybox-e8aa12a52afa46dc9d0533b82c510f7178440ab3.tar.zst
Add a small note about the authorization confirmation endpoint data
Change-Id: I145777043c043163f7c7f3acbb405994d73b479f
-rw-r--r--src/indieauth/mod.rs7
1 files changed, 7 insertions, 0 deletions
diff --git a/src/indieauth/mod.rs b/src/indieauth/mod.rs
index ab38715..00ae393 100644
--- a/src/indieauth/mod.rs
+++ b/src/indieauth/mod.rs
@@ -281,6 +281,13 @@ enum Credential {
     WebAuthn(::webauthn::prelude::PublicKeyCredential)
 }
 
+// The IndieAuth standard doesn't prescribe a format for confirming
+// authorizations, since that's supposed to be internal to the
+// server. We are merely passing through the authorization request,
+// so the endpoint is stateless, plus a credential.
+//
+// CSRF protection is supposed to be taken care of by the IndieAuth
+// data we are passing through.
 #[derive(Deserialize, Debug)]
 struct AuthorizationConfirmation {
     authorization_method: Credential,
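Review bot: The CSRF sentence in the new comment above `AuthorizationConfirmation` credits the passed-through IndieAuth data, but the values in an authorization request (`state`, `code_challenge`, `redirect_uri`) are chosen by whoever builds that request. They bind the response to the client; they do not prove that the confirmation came from this server's own consent page. Judging from the visible field, what a forged cross-site submission would actually lack is the `authorization_method` credential, so I would reword the sentence as `// CSRF: a forged confirmation cannot succeed without a valid credential in authorization_method; the passed-through IndieAuth data is client-chosen and is not a CSRF token.` If any path can confirm without a fresh credential (an existing session, for example), that path would need its own anti-forgery token or an Origin check. The handler is not in this hunk and the struct body continues past its end, so this should be confirmed against the rest of the file.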