about summary refs log tree commit diff
path: root/kittybox-rs/src/indieauth
Commit message (Collapse)AuthorAgeFilesLines
* indieauth: parse application metadataVika2022-10-241-23/+58
|
* templates: move static assets to the templates crateVika2022-10-071-2/+2
| | | | | | | | | | | | It makes more sense to keep CSS near the templates, and the client-side JavaScript code too, since it depends on the DOM structure to work. Additionally, the overhead of `include_dir!()` is almost completely mitigated by the fact that this is a separate crate that isn't recompiled often. The linking stage, however, is still expected to take a little bit long. But I doubt it'd be longer than what it was before, since it's the same exact files that get linked into the app.
* Use tokens from the auth backend to authenticate for MicropubVika2022-09-281-0/+72
|
* Fix some clippy errorsVika2022-09-281-0/+3
|
* indieauth: add "token_type" and "scope" to token grant responseVika2022-09-281-1/+5
| | | | | | | It looks like some badly-behaved apps require "scope" even though it is optional according to OAuth2. Additionally, both of these fields are not present in the IndieAuth spec (this is an error in the spec, tracked here: https://github.com/indieweb/indieauth/issues/116
* Make webauthn and openssl optionalVika2022-09-193-7/+34
|
* feat: indieauth supportVika2022-09-194-132/+923
| | | | | | | | | | Working: - Tokens and codes - Authenticating with a password Not working: - Setting the password (need to patch onboarding) - WebAuthn (the JavaScript is too complicated)
* kittybox-templates: split out MF2 rendering and get rid of log crateVika2022-07-271-1/+0
| | | | | Kittybox now uses tracing instead of log. Why would I keep an unneccesary dependency in my Cargo.lock?
* indieauth: replace numerous placeholders in the prototypeVika2022-07-271-25/+150
| | | | | | Fetching profiles is now fully implemented. The only missing pieces are the frontend template and the persistent store for tokens and codes.
* kittybox-indieauth: axum helpers for responsesVika2022-07-221-13/+13
| | | | Some responses need to set Cache-Control and Pragma: no-cache headers according to RFC 6749.
* indieauth: Indicate refresh token grant as supportedVika2022-07-191-1/+1
|
* kittybox-indieauth: convert Error into axum::response::ResponseVika2022-07-191-22/+22
| | | | | | This requires the `axum` feature to be enabled, to prevent unwanted dependencies (e.g. in client apps or when using a different framework, since the library doesn't concern itself with I/O)
* indieauth: improve security checksVika2022-07-191-2/+29
| | | | | Client ID and the redirect URI must match those that were used to create the grant.
* Implement /.well-known/oauth-authorization-serverVika2022-07-191-22/+38
| | | | | This may help non-IndieAuth-aware clients to integrate better into the flow.
* kittybox-indieauth: improve docs and the Error typeVika2022-07-191-14/+60
| | | | | | | `kittybox_indieauth::Error` now represents errors in the IndieAuth process itself. `IndieAuthError` got renamed to `ResourceErrorKind` to reflect errors that a resource server (i.e. IndieAuth consumer) might return to a client who somehow didn't authorize themselves properly.
* WIP: IndieAuth progressVika2022-07-152-0/+390
- Some kittybox-indieauth crate bugs were fixed - Things should mostly work... - ...if you somehow supply your own backend store - YES I MADE IT MODULAR AGAIN - NO I AM NOT SORRY - YOU WILL THANK ME LATER - DO NOT DENY THE HEAVENLY GIFT OF GENERICS IN RUST - Retrieving profiles doesn't work for now because I am unsure how to implement it best