feat(auth): implement response_type=id authentication flow
Implements both IndieAuth flows per W3C specification: - Authentication flow (response_type=id): Code redeemed at authorization endpoint, returns only user identity - Authorization flow (response_type=code): Code redeemed at token endpoint, returns access token Changes: - Authorization endpoint GET: Accept response_type=id (default) and code - Authorization endpoint POST: Handle code verification for authentication flow - Token endpoint: Validate response_type=code for authorization flow - Store response_type in authorization code metadata - Update metadata endpoint: response_types_supported=[code, id], code_challenge_methods_supported=[S256] The default behavior now correctly defaults to response_type=id when omitted, per IndieAuth spec section 5.2. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
@@ -76,6 +76,7 @@ class TestCompleteAuthorizationFlow:
|
||||
consent_data = {
|
||||
"client_id": "https://app.example.com",
|
||||
"redirect_uri": "https://app.example.com/callback",
|
||||
"response_type": "code", # Authorization flow - exchange at token endpoint
|
||||
"state": "e2e_test_state_12345",
|
||||
"code_challenge": "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM",
|
||||
"code_challenge_method": "S256",
|
||||
@@ -139,6 +140,7 @@ class TestCompleteAuthorizationFlow:
|
||||
data={
|
||||
"client_id": "https://app.example.com",
|
||||
"redirect_uri": "https://app.example.com/callback",
|
||||
"response_type": "code", # For state preservation test
|
||||
"state": state,
|
||||
"code_challenge": "abc123",
|
||||
"code_challenge_method": "S256",
|
||||
@@ -163,6 +165,7 @@ class TestCompleteAuthorizationFlow:
|
||||
data={
|
||||
"client_id": "https://app.example.com",
|
||||
"redirect_uri": "https://app.example.com/callback",
|
||||
"response_type": "code", # Authorization flow - exchange at token endpoint
|
||||
"state": f"flow_{i}",
|
||||
"code_challenge": "abc123",
|
||||
"code_challenge_method": "S256",
|
||||
@@ -217,6 +220,7 @@ class TestErrorScenariosE2E:
|
||||
metadata = {
|
||||
"client_id": "https://app.example.com",
|
||||
"redirect_uri": "https://app.example.com/callback",
|
||||
"response_type": "code", # Authorization flow - exchange at token endpoint
|
||||
"state": "test",
|
||||
"me": "https://user.example.com",
|
||||
"scope": "",
|
||||
@@ -255,6 +259,7 @@ class TestErrorScenariosE2E:
|
||||
data={
|
||||
"client_id": "https://app.example.com",
|
||||
"redirect_uri": "https://app.example.com/callback",
|
||||
"response_type": "code", # Authorization flow - exchange at token endpoint
|
||||
"state": "test",
|
||||
"code_challenge": "abc123",
|
||||
"code_challenge_method": "S256",
|
||||
@@ -292,6 +297,7 @@ class TestErrorScenariosE2E:
|
||||
data={
|
||||
"client_id": "https://app.example.com",
|
||||
"redirect_uri": "https://app.example.com/callback",
|
||||
"response_type": "code", # Authorization flow - exchange at token endpoint
|
||||
"state": "test",
|
||||
"code_challenge": "abc123",
|
||||
"code_challenge_method": "S256",
|
||||
@@ -327,6 +333,7 @@ class TestTokenUsageE2E:
|
||||
data={
|
||||
"client_id": "https://app.example.com",
|
||||
"redirect_uri": "https://app.example.com/callback",
|
||||
"response_type": "code", # Authorization flow - exchange at token endpoint
|
||||
"state": "test",
|
||||
"code_challenge": "abc123",
|
||||
"code_challenge_method": "S256",
|
||||
@@ -362,6 +369,7 @@ class TestTokenUsageE2E:
|
||||
data={
|
||||
"client_id": "https://app.example.com",
|
||||
"redirect_uri": "https://app.example.com/callback",
|
||||
"response_type": "code", # Authorization flow - exchange at token endpoint
|
||||
"state": "test",
|
||||
"code_challenge": "abc123",
|
||||
"code_challenge_method": "S256",
|
||||
|
||||
Reference in New Issue
Block a user