Diffstat (limited to 'src/indieauth/mod.rs')
-rw-r--r--src/indieauth/mod.rs7
1 files changed, 7 insertions, 0 deletions
diff --git a/src/indieauth/mod.rs b/src/indieauth/mod.rs
index ab38715..00ae393 100644
--- a/src/indieauth/mod.rs
+++ b/src/indieauth/mod.rs
@@ -281,6 +281,13 @@ enum Credential {
     WebAuthn(::webauthn::prelude::PublicKeyCredential)
 }
 
+// The IndieAuth standard doesn't prescribe a format for confirming
+// authorizations, since that's supposed to be internal to the
+// server. We are merely passing through the authorization request,
+// so the endpoint is stateless, plus a credential.
+//
+// CSRF protection is supposed to be taken care of by the IndieAuth
+// data we are passing through.
 #[derive(Deserialize, Debug)]
 struct AuthorizationConfirmation {
     authorization_method: Credential,
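Review bot: The last paragraph of the added comment credits CSRF protection to "the IndieAuth data we are passing through" without naming the field or where it is checked, and the usual candidates do not cover this endpoint. `state` and `code_challenge` are chosen by the client and bind the redirect to the client's session, so they do not show that the confirmation request came from this server's own consent page. From the visible lines, what would stop a forged cross-site confirmation is that the request must carry a valid `authorization_method` credential, assuming it is verified on every confirmation. I would reword the paragraph to say so, e.g. `// CSRF: every confirmation must carry a freshly verified credential, so a cross-site request cannot confirm on the user's behalf;` followed by `// state/PKCE in the passed-through request protect the client, not this endpoint.`, and add that any future path confirming from an existing session instead of a credential needs an explicit anti-CSRF token or Origin check. The struct body continues past the end of the hunk, so fields not shown here may change this picture.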