Phil Skentelbery
6bb2a4033f
feat(token): implement GET /token for token verification
Implements W3C IndieAuth Section 6.3 token verification endpoint.
The token endpoint now supports both:
- POST: Issue new tokens (authorization code exchange)
- GET: Verify existing tokens (resource server validation)
Changes:
- Added GET handler to /token endpoint
- Extracts Bearer token from Authorization header (RFC 6750)
- Returns JSON with me, client_id, scope
- Returns 401 with WWW-Authenticate for invalid tokens
- 11 new tests covering all verification scenarios
All 533 tests passing. Resolves critical P0 blocker for v1.0.0.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-25 08:10:47 -07:00
..
2025-11-22 15:16:26 -07:00
2025-11-22 15:16:26 -07:00
2025-11-24 18:14:55 -07:00
2025-11-22 17:46:38 -07:00
2025-11-20 13:05:09 -07:00
2025-11-20 13:05:09 -07:00
2025-11-20 14:24:06 -07:00
2025-11-20 17:16:11 -07:00
2025-11-20 17:16:11 -07:00
2025-11-20 18:28:50 -07:00
2025-11-20 18:28:50 -07:00
2025-11-21 19:16:54 -07:00
2025-11-21 19:16:54 -07:00
2025-11-21 22:22:04 -07:00
2025-11-21 22:22:04 -07:00
2025-11-24 18:14:55 -07:00
2025-11-22 15:16:26 -07:00
2025-11-25 08:10:47 -07:00