Phil Skentelbery
6bb2a4033f
feat(token): implement GET /token for token verification
Implements W3C IndieAuth Section 6.3 token verification endpoint.
The token endpoint now supports both:
- POST: Issue new tokens (authorization code exchange)
- GET: Verify existing tokens (resource server validation)
Changes:
- Added GET handler to /token endpoint
- Extracts Bearer token from Authorization header (RFC 6750)
- Returns JSON with me, client_id, scope
- Returns 401 with WWW-Authenticate for invalid tokens
- 11 new tests covering all verification scenarios
All 533 tests passing. Resolves critical P0 blocker for v1.0.0.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-25 08:10:47 -07:00
..
2025-11-20 12:21:42 -07:00
2025-11-22 15:16:26 -07:00
2025-11-20 17:16:11 -07:00
2025-11-22 15:16:26 -07:00
2025-11-22 17:46:38 -07:00
2025-11-20 13:44:33 -07:00
2025-11-20 12:21:42 -07:00
2025-11-20 17:16:11 -07:00
2025-11-20 13:44:33 -07:00
2025-11-22 12:23:20 -07:00
2025-11-20 13:44:33 -07:00
2025-11-20 13:44:33 -07:00
2025-11-20 14:24:06 -07:00
2025-11-25 08:10:47 -07:00
2025-11-20 14:24:06 -07:00
2025-11-24 18:14:55 -07:00