| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
| |
It looks like some badly-behaved apps require "scope" even though it
is optional according to OAuth2. Additionally, both of these fields
are not present in the IndieAuth spec (this is an error in the spec,
tracked here: https://github.com/indieweb/indieauth/issues/116
|
| |
|
|
|
|
|
| |
Sometimes it is needed, for example, to construct an HTML form
pre-filled with the request data.
|
|
|
|
|
|
| |
Fetching profiles is now fully implemented. The only missing pieces
are the frontend template and the persistent store for tokens and
codes.
|
| |
|
|
|
|
| |
I am procrastinating very hard right now.
|
|
|
|
| |
Some responses need to set Cache-Control and Pragma: no-cache headers according to RFC 6749.
|
|
|
|
|
|
| |
This requires the `axum` feature to be enabled, to prevent unwanted
dependencies (e.g. in client apps or when using a different framework,
since the library doesn't concern itself with I/O)
|
|
|
|
|
|
|
| |
`kittybox_indieauth::Error` now represents errors in the IndieAuth
process itself. `IndieAuthError` got renamed to `ResourceErrorKind` to
reflect errors that a resource server (i.e. IndieAuth consumer) might
return to a client who somehow didn't authorize themselves properly.
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Some kittybox-indieauth crate bugs were fixed
- Things should mostly work...
- ...if you somehow supply your own backend store
- YES I MADE IT MODULAR AGAIN
- NO I AM NOT SORRY
- YOU WILL THANK ME LATER
- DO NOT DENY THE HEAVENLY GIFT OF GENERICS IN RUST
- Retrieving profiles doesn't work for now because I am unsure how to
implement it best
|
|
|
|
|
|
| |
Really, it should be `Either<AuthorizationRequest, GrantRequest>` but
either serde or axum got iffy about me deserializing it from a
form. Not sure which one.
|
|
|
|
|
|
|
|
|
| |
This makes converting Option<TokenData> into a response and vice versa
a breeze, and hide the complexity of TokenIntrospectionResponse forced
upon this library by the IndieAuth standard.
Really, this type should've been represented as Option<TokenData>, I
just don't know how to add the "active" field to it properly.
|
| |
|
| |
|
|
|
|
|
| |
Turns out it was comparing the list of required scopes
with **itself**. Oops, that's a major security issue.
|
|
This crate is the base framework-agnostic implementation of all data
structures and methods required for IndieAuth protocol. Anything that
can deserialize HTTP request payloads with serde can utilize this
crate.
This is a good candidate to independently release on crates.io when
the interface becomes stable enough.
|