phil/StarPunk
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

docs: add reference IndieAuth identity page implementation

Browse Source 
Add minimal, production-ready static HTML identity page as reference
implementation for IndieAuth authentication.

Includes:
- Complete identity-page.html with h-card and IndieAuth endpoints
- Architectural documentation and rationale
- ADR-010: Static Identity Page decision record
- Customization guide for users

The example is zero-dependency, copy-paste ready, and guaranteed to
work with IndieLogin.com and StarPunk. Pre-configured for
thesatelliteoflove.com as working example.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
Phil Skentelbery
2025-11-19 13:03:49 -07:00
parent 155cae8055
commit 68669b9a6a
5 changed files with 1153 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

155
docs/architecture/indieauth-identity-page.md Normal file
View File

@@ -0,0 +1,155 @@
# IndieAuth Identity Page Architecture
## Overview
An IndieAuth identity page serves as the authoritative source for a user's online identity in the IndieWeb ecosystem. This document defines the minimal requirements and best practices for creating a static HTML page that functions as an IndieAuth identity URL.
## Purpose
The identity page serves three critical functions:
1. **Authentication Endpoint Discovery** - Provides rel links to IndieAuth endpoints
2. **Identity Verification** - Contains h-card microformats with user information
3. **Social Proof** - Optional rel="me" links for identity consolidation
## Technical Requirements
### 1. HTML Structure
```
DOCTYPE html5
├── head
│ ├── meta charset="utf-8"
│ ├── meta viewport (responsive)
│ ├── title (user's name)
│ ├── rel="authorization_endpoint"
│ ├── rel="token_endpoint"
│ └── optional: rel="micropub"
└── body
└── h-card
├── p-name (full name)
├── u-url (identity URL)
├── u-photo (optional avatar)
└── rel="me" links (optional)
```
### 2. IndieAuth Discovery
The page MUST include these link elements in the `<head>`:
```html
<link rel="authorization_endpoint" href="https://indieauth.com/auth">
<link rel="token_endpoint" href="https://tokens.indieauth.com/token">
```
These endpoints:
- **authorization_endpoint**: Handles the OAuth 2.0 authorization flow
- **token_endpoint**: Issues access tokens for API access
### 3. Microformats2 h-card
The h-card provides machine-readable identity information:
```html
<div class="h-card">
<h1 class="p-name">User Name</h1>
<a class="u-url" href="https://example.com" rel="me">https://example.com</a>
</div>
```
Required properties:
- `p-name`: The person's full name
- `u-url`: The canonical identity URL (must match the page URL)
Optional properties:
- `u-photo`: Avatar image URL
- `p-note`: Brief biography
- `u-email`: Contact email (consider privacy implications)
### 4. rel="me" Links
For identity consolidation and social proof:
```html
<a href="https://github.com/username" rel="me">GitHub</a>
```
Best practices:
- Only include links to profiles you control
- Ensure reciprocal rel="me" links where possible
- Use HTTPS URLs whenever available
## Security Considerations
### 1. HTTPS Requirement
- Identity URLs MUST use HTTPS
- All linked endpoints MUST use HTTPS
- Mixed content will break authentication flows
### 2. Content Security
- No inline JavaScript required or recommended
- Minimal inline CSS only if necessary
- No external dependencies for core functionality
### 3. Privacy
- Consider what information to make public
- Email addresses can attract spam
- Phone numbers should generally be avoided
## Testing Strategy
### 1. IndieAuth Validation
- Test with https://indielogin.com/
- Verify endpoint discovery works
- Complete a full authentication flow
### 2. Microformats Validation
- Use https://indiewebify.me/
- Verify h-card is properly parsed
- Check all properties are detected
### 3. HTML Validation
- Validate with W3C validator
- Ensure semantic HTML5 compliance
- Check accessibility basics
## Common Pitfalls
### 1. Missing or Wrong URLs
- Identity URL must be absolute and match the actual page URL
- Endpoints must be absolute URLs
- rel="me" links must be to HTTPS when available
### 2. Incorrect Microformats
- Missing required h-card properties
- Using old hCard format instead of h-card
- Nesting errors in microformat classes
### 3. Authentication Failures
- Using HTTP instead of HTTPS
- Incorrect or missing endpoint declarations
- Not including trailing slashes consistently
## Minimal Implementation Checklist
- [ ] HTML5 DOCTYPE declaration
- [ ] UTF-8 character encoding
- [ ] Viewport meta tag for mobile
- [ ] Authorization endpoint link
- [ ] Token endpoint link
- [ ] h-card with p-name
- [ ] h-card with u-url matching page URL
- [ ] All URLs use HTTPS
- [ ] No broken links or empty hrefs
- [ ] Valid HTML5 structure
## Reference Implementations
See `/docs/examples/identity-page.html` for a complete, working example that can be customized for any IndieAuth user.
## Standards References
- [IndieAuth Specification](https://indieauth.spec.indieweb.org/)
- [Microformats2 h-card](http://microformats.org/wiki/h-card)
- [rel="me" specification](https://microformats.org/wiki/rel-me)
- [IndieWeb Authentication](https://indieweb.org/authentication)

144
docs/decisions/ADR-010-static-identity-page.md Normal file
View File

@@ -0,0 +1,144 @@
# ADR-010: Static HTML Identity Pages for IndieAuth
## Status
Accepted
## Context
Users need a way to establish their identity on the web for IndieAuth authentication. This identity page serves as the authoritative source for:
- Discovering authentication endpoints
- Providing identity information (h-card)
- Establishing social proof through rel="me" links
The challenge is creating something that:
- Works immediately without any server-side code
- Has zero dependencies
- Can be hosted anywhere (static hosting, GitHub Pages, etc.)
- Is simple enough for non-technical users to customize
## Decision
We will provide a single, self-contained HTML file that serves as a complete IndieAuth identity page with:
1. **No external dependencies** - Everything needed is in one file
2. **No JavaScript** - Pure HTML with optional inline CSS
3. **Public IndieAuth endpoints** - Use indieauth.com's free service
4. **Comprehensive documentation** - Comments explaining every section
5. **Minimal but complete** - Only what's required, nothing more
## Rationale
### Why Static HTML?
1. **Maximum Portability**: Can be hosted anywhere that serves HTML
2. **Zero Maintenance**: No updates, no dependencies, no security patches
3. **Instant Setup**: Upload one file and it works
4. **Educational**: Users can read and understand the entire implementation
### Why Use indieauth.com?
1. **Free and Reliable**: Public service maintained by Aaron Parecki
2. **No Registration**: Works for any domain immediately
3. **Standards Compliant**: Reference implementation of IndieAuth
4. **Privacy Focused**: Doesn't store user data
### Why Inline Documentation?
1. **Self-Teaching**: The file explains itself
2. **No External Docs**: Everything needed is in the file
3. **Copy-Paste Friendly**: Users can take what they need
4. **Reduces Errors**: Instructions are right next to the code
## Consequences
### Positive
1. **Lowest Possible Barrier**: Anyone who can edit HTML can use this
2. **Future Proof**: HTML5 won't break backward compatibility
3. **Perfect for Examples**: Ideal reference implementation
4. **No Lock-in**: Users own their identity completely
5. **Immediate Testing**: Can validate instantly with online tools
### Negative
1. **Limited Functionality**: Can't do dynamic content without JavaScript
2. **Manual Updates**: Users must edit HTML directly
3. **No Analytics**: Can't track usage without JavaScript
4. **Basic Styling**: Limited to inline CSS for single-file approach
### Mitigation
For users who need more functionality:
- Can progressively enhance with JavaScript
- Can move to server-side rendering later
- Can use as a template for dynamic generation
- Can extend with additional microformats
## Alternatives Considered
### 1. JavaScript-Based Solution
**Rejected because**:
- Adds complexity and dependencies
- Requires ongoing maintenance
- Can break with browser updates
- Not necessary for core functionality
### 2. Server-Side Generation
**Rejected because**:
- Requires server infrastructure
- Increases hosting complexity
- Not portable across platforms
- Overkill for static identity data
### 3. External Stylesheet
**Rejected because**:
- Creates a dependency
- Can break if CSS file is moved
- Increases HTTP requests
- Inline CSS is small enough to not matter
### 4. Using Multiple Files
**Rejected because**:
- Complicates deployment
- Increases chance of errors
- Makes sharing/copying harder
- Benefits don't outweigh complexity
## Implementation Notes
The reference implementation (`/docs/examples/identity-page.html`) includes:
1. **Complete HTML5 structure** with semantic markup
2. **All required IndieAuth elements** properly configured
3. **h-card microformat** with required and optional properties
4. **Inline CSS** for basic but pleasant styling
5. **Extensive comments** explaining each section
6. **Testing instructions** embedded in HTML comments
7. **Common pitfalls** documented inline
## Testing Strategy
Users should test their identity page with:
1. **https://indielogin.com/** - Full authentication flow
2. **https://indiewebify.me/** - h-card validation
3. **W3C Validator** - HTML5 compliance
4. **Real authentication** - Sign in to an IndieWeb service
## Security Considerations
1. **HTTPS Only**: Page must be served over HTTPS
2. **No Secrets**: Everything in the file is public
3. **No JavaScript**: Eliminates XSS vulnerabilities
4. **No External Resources**: No CSRF or resource injection risks
## References
- [IndieAuth Specification](https://indieauth.spec.indieweb.org/)
- [Microformats2 h-card](http://microformats.org/wiki/h-card)
- [IndieWeb Authentication](https://indieweb.org/authentication)
- [indieauth.com](https://indieauth.com/)

334
docs/examples/identity-page-customization-guide.md Normal file
View File

@@ -0,0 +1,334 @@
# IndieAuth Identity Page Customization Guide
## Quick Start
The identity page template (`identity-page.html`) is a complete, working IndieAuth identity page. To use it:
1. Download `identity-page.html`
2. Edit the marked sections with your information
3. Upload to your domain root as `index.html`
4. Test at https://indielogin.com/
## What to Customize
### Required Changes
These MUST be changed for the page to work correctly:
#### 1. Your Name
```html
<!-- Change this -->
<title>Phil Skents</title>
<h1 class="p-name">Phil Skents</h1>
<!-- To this -->
<title>Your Name</title>
<h1 class="p-name">Your Name</h1>
```
#### 2. Your Domain
```html
<!-- Change this -->
<a class="u-url" href="https://thesatelliteoflove.com" rel="me">
https://thesatelliteoflove.com
</a>
<!-- To this (must match where you host this file) -->
<a class="u-url" href="https://yourdomain.com" rel="me">
https://yourdomain.com
</a>
```
### Optional Customizations
#### Add Your Photo
```html
<!-- Uncomment and modify this line -->
<img class="u-photo" src="/avatar.jpg" alt="Your Name">
```
Photo tips:
- Use a square image (1:1 ratio)
- 240x240 pixels minimum recommended
- JPEG or PNG format
- Under 100KB for fast loading
#### Add Your Bio
```html
<p class="p-note">
Your bio here. Keep it brief - 1-2 sentences.
</p>
```
#### Add Social Media Links
Uncomment and modify the social links section:
```html
<li>
<a href="https://github.com/yourusername" rel="me">
GitHub: @yourusername
</a>
</li>
```
**Important**: Only add profiles you control. Some services that support rel="me":
- GitHub (automatic)
- Mastodon (automatic)
- Personal websites
- Some IndieWeb services
#### Add Micropub Endpoint
If you have a Micropub server (like StarPunk):
```html
<link rel="micropub" href="https://yourmicropub.example.com/micropub">
```
## Advanced Customizations
### Custom Styling
The template includes minimal inline CSS. To customize:
1. **Colors**: Change the color values in the `<style>` section
```css
color: #333; /* Text color */
background: #fff; /* Background color */
color: #0066cc; /* Link color */
```
2. **Fonts**: Modify the font-family stack
```css
font-family: Georgia, serif; /* For a more classic look */
```
3. **Layout**: Adjust spacing and widths
```css
max-width: 800px; /* Wider content */
padding: 4rem; /* More padding */
```
### Multiple Profiles
For multiple online identities, add more h-cards:
```html
<div class="h-card">
<h2 class="p-name">Professional Name</h2>
<a class="u-url" href="https://professional.com" rel="me">
https://professional.com
</a>
</div>
<div class="h-card">
<h2 class="p-name">Personal Name</h2>
<a class="u-url" href="https://personal.com" rel="me">
https://personal.com
</a>
</div>
```
### Language Support
For non-English pages:
```html
<html lang="es"> <!-- Spanish -->
<meta charset="utf-8"> <!-- Supports all Unicode characters -->
```
### Accessibility Improvements
```html
<!-- Add language attributes -->
<html lang="en">
<!-- Add descriptive alt text -->
<img class="u-photo" src="/avatar.jpg" alt="Headshot of Your Name">
<!-- Add skip navigation -->
<a href="#main" class="skip-link">Skip to content</a>
```
## Testing Your Customizations
### 1. Local Testing
Open the file in your browser:
```
file:///path/to/identity-page.html
```
Check:
- [ ] Your name appears correctly
- [ ] Links work (won't authenticate locally)
- [ ] Page looks good on mobile (resize browser)
### 2. HTML Validation
Visit https://validator.w3.org/:
1. Choose "Validate by File Upload"
2. Upload your modified file
3. Fix any errors shown
### 3. Microformats Testing
Visit https://indiewebify.me/:
1. After uploading to your domain
2. Use "Validate h-card"
3. Enter your domain
4. Verify your information is detected
### 4. IndieAuth Testing
Visit https://indielogin.com/:
1. Enter your domain
2. Should see "IndieAuth.com" as option
3. Click to authenticate
4. Should complete successfully
## Common Mistakes to Avoid
### 1. URL Mismatches
❌ **Wrong**:
```html
<!-- Hosted at https://example.com but u-url says: -->
<a class="u-url" href="https://different.com">
```
✅ **Correct**:
```html
<!-- URLs must match exactly -->
<a class="u-url" href="https://example.com">
```
### 2. Missing HTTPS
❌ **Wrong**:
```html
<a class="u-url" href="http://example.com">
```
✅ **Correct**:
```html
<a class="u-url" href="https://example.com">
```
### 3. Broken Social Links
❌ **Wrong**:
```html
<!-- Empty href -->
<a href="" rel="me">GitHub</a>
<!-- Placeholder text -->
<a href="https://github.com/yourusername" rel="me">
```
✅ **Correct**:
```html
<!-- Real, working link -->
<a href="https://github.com/actualusername" rel="me">GitHub</a>
```
### 4. Multiple u-url Values
❌ **Wrong**:
```html
<a class="u-url" href="https://example.com">Example</a>
<a class="u-url" href="https://other.com">Other</a>
```
✅ **Correct**:
```html
<!-- Only one u-url that matches your domain -->
<a class="u-url" href="https://example.com">Example</a>
<a href="https://other.com">Other</a> <!-- No u-url class -->
```
## Deployment Options
### Static Hosting Services
The identity page works on any static host:
1. **GitHub Pages**
- Free with GitHub account
- Upload as `index.html` in repository
- Enable Pages in repository settings
2. **Netlify**
- Drag and drop deployment
- Free tier available
- Automatic HTTPS
3. **Vercel**
- Simple deployment
- Free tier available
- Good performance
4. **Traditional Web Hosting**
- Upload via FTP/SFTP
- Place in document root
- Ensure HTTPS is enabled
### File Naming
- `index.html` - For domain root (https://example.com/)
- `identity.html` - For subfolder (https://example.com/identity.html)
- Any name works, but update your StarPunk configuration accordingly
## Integration with StarPunk
Once your identity page is working:
1. **Configure StarPunk** to use your identity URL:
```
IDENTITY_URL=https://yourdomain.com
```
2. **Test Authentication**:
- Visit your StarPunk instance
- Click "Sign In"
- Enter your identity URL
- Should authenticate successfully
3. **Add Micropub Endpoint** (after StarPunk is running):
```html
<link rel="micropub" href="https://starpunk.yourdomain.com/micropub">
```
## Troubleshooting
### Page Not Found
- Ensure file is named correctly (usually `index.html`)
- Check file is in correct directory (document root)
- Verify domain is configured correctly
### Authentication Fails
- Verify HTTPS is working
- Check u-url matches actual URL exactly
- Ensure no typos in endpoint URLs
- Test with browser developer tools for errors
### h-card Not Detected
- Check class names are exact (`h-card`, `p-name`, `u-url`)
- Ensure HTML structure is valid
- Verify no typos in microformat classes
### Social Links Not Working
- Only include rel="me" on profiles you control
- Check URLs are correct and working
- Some services don't support rel="me" back-linking
## Getting Help
- **IndieWeb Chat**: https://indieweb.org/discuss
- **StarPunk Issues**: [GitHub repository]
- **IndieAuth Spec**: https://indieauth.spec.indieweb.org/
- **Microformats Wiki**: http://microformats.org/
Remember: The simplest solution is often the best. Don't add complexity unless you need it.

271
docs/examples/identity-page.html Normal file
View File

@@ -0,0 +1,271 @@
<!DOCTYPE html>
<html lang="en">
<head>
<!--
============================================================
IndieAuth Identity Page - Minimal Reference Implementation
============================================================
This is a complete, working IndieAuth identity page that requires:
- Zero JavaScript
- Zero external dependencies
- Only this single HTML file
To use this template:
1. Replace "Phil Skents" with your name
2. Replace "https://thesatelliteoflove.com" with your domain
3. Optionally add your social media profiles with rel="me"
4. Upload to your domain root (e.g., index.html)
5. Test at https://indielogin.com/
============================================================
-->
<!-- Required: Character encoding -->
<meta charset="utf-8">
<!-- Required: Responsive viewport -->
<meta name="viewport" content="width=device-width, initial-scale=1">
<!-- Page title: Your name -->
<title>Phil Skents</title>
<!--
============================================================
CRITICAL: IndieAuth Endpoint Discovery
These links tell IndieAuth clients where to authenticate.
Using indieauth.com as a public service that works for everyone.
============================================================
-->
<!-- Required: Authorization endpoint for IndieAuth -->
<link rel="authorization_endpoint" href="https://indieauth.com/auth">
<!-- Required: Token endpoint for obtaining access tokens -->
<link rel="token_endpoint" href="https://tokens.indieauth.com/token">
<!--
Optional: If you have a Micropub server (like StarPunk), add:
<link rel="micropub" href="https://starpunk.thesatelliteoflove.com/micropub">
-->
<!-- Optional: Minimal styling for readability -->
<style>
/* Reset and base styles */
* {
margin: 0;
padding: 0;
box-sizing: border-box;
}
body {
font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto,
"Helvetica Neue", Arial, sans-serif;
line-height: 1.6;
color: #333;
background: #fff;
padding: 2rem;
max-width: 600px;
margin: 0 auto;
}
/* Typography */
h1 {
font-size: 2rem;
margin-bottom: 0.5rem;
color: #000;
}
p {
margin: 1rem 0;
}
a {
color: #0066cc;
text-decoration: none;
}
a:hover {
text-decoration: underline;
}
/* Layout */
.h-card {
margin: 2rem 0;
}
.identity-url {
font-size: 1.1rem;
color: #666;
margin-bottom: 1.5rem;
}
.social-links {
margin-top: 2rem;
padding-top: 2rem;
border-top: 1px solid #eee;
}
.social-links h2 {
font-size: 1.2rem;
margin-bottom: 1rem;
color: #666;
}
.social-links ul {
list-style: none;
}
.social-links li {
margin: 0.5rem 0;
}
/* Optional: Avatar styling */
.u-photo {
width: 120px;
height: 120px;
border-radius: 60px;
margin-bottom: 1rem;
}
/* Info box */
.info-box {
background: #f5f5f5;
border-left: 4px solid #0066cc;
padding: 1rem;
margin: 2rem 0;
}
.info-box h3 {
margin-bottom: 0.5rem;
}
.info-box p {
margin: 0.5rem 0;
font-size: 0.9rem;
}
</style>
</head>
<body>
<!--
============================================================
h-card Microformat: Your Identity Information
This is machine-readable markup that IndieAuth uses to
identify you. The h-card is the IndieWeb's business card.
============================================================
-->
<div class="h-card">
<!-- Optional: Your photo/avatar
<img class="u-photo" src="/avatar.jpg" alt="Phil Skents">
-->
<!-- Required: Your name (p-name) -->
<h1 class="p-name">Phil Skents</h1>
<!-- Required: Your identity URL (u-url)
MUST match the URL where this page is hosted -->
<div class="identity-url">
<a class="u-url" href="https://thesatelliteoflove.com" rel="me">
https://thesatelliteoflove.com
</a>
</div>
<!-- Optional: Brief bio or description -->
<p class="p-note">
IndieWeb enthusiast building minimal, standards-compliant web tools.
Creator of StarPunk CMS.
</p>
<!--
============================================================
Optional: Social Media Links with rel="me"
These create a web of trust by linking your identities.
Only include profiles you control.
The receiving site should link back with rel="me" for
bidirectional verification (GitHub and some others do this).
============================================================
-->
<div class="social-links">
<h2>Also me on the web</h2>
<ul>
<!-- Example social links - replace with your actual profiles -->
<!--
<li>
<a href="https://github.com/yourusername" rel="me">
GitHub: @yourusername
</a>
</li>
<li>
<a href="https://mastodon.social/@yourusername" rel="me">
Mastodon: @yourusername@mastodon.social
</a>
</li>
<li>
<a href="https://twitter.com/yourusername" rel="me">
Twitter: @yourusername
</a>
</li>
-->
<!-- For now, just a note about StarPunk -->
<li>
Publishing with
<a href="https://starpunk.thesatelliteoflove.com">
StarPunk
</a>
</li>
</ul>
</div>
</div>
<!--
============================================================
Information Box: How This Works
This section is optional but helpful for visitors.
============================================================
-->
<div class="info-box">
<h3>About This Page</h3>
<p>
This is my IndieAuth identity page. It allows me to sign in to
IndieWeb services using my domain name instead of passwords.
</p>
<p>
<strong>Technical:</strong> This page uses
<a href="https://indieauth.spec.indieweb.org/">IndieAuth</a> for
authentication and
<a href="http://microformats.org/wiki/h-card">h-card microformats</a>
for identity markup.
</p>
<p>
<strong>Privacy:</strong> Authentication is handled by
<a href="https://indieauth.com">IndieAuth.com</a>.
No passwords or personal data are stored on this site.
</p>
</div>
<!--
============================================================
Testing Your Identity Page
After uploading this file to your domain:
1. Visit https://indielogin.com/
2. Enter your domain (e.g., https://thesatelliteoflove.com)
3. You should see IndieAuth.com as an option
4. Complete the authentication flow
To validate your h-card:
1. Visit https://indiewebify.me/
2. Use the h-card validator
3. Enter your domain
4. Verify all information is detected
Common Issues:
- URL mismatch: The u-url must exactly match your domain
- Missing HTTPS: Both your domain and endpoints need HTTPS
- Wrong endpoints: The endpoint URLs must be exactly as shown
============================================================
-->
</body>
</html>

249
docs/reports/identity-domain-validation-2025-11-19.md Normal file
View File

@@ -0,0 +1,249 @@
# Identity Domain Validation Report
**Domain**: https://thesatelliteoflove.com
**Date**: 2025-11-19
**Validator**: StarPunk Architect Agent
**Purpose**: Validate IndieAuth configuration for StarPunk authentication
## Executive Summary
**STATUS**: PARTIALLY READY - Configuration present but has critical issues
The identity domain `https://thesatelliteoflove.com` has the core IndieAuth metadata in place, but contains several configuration errors that will prevent successful authentication. The domain requires fixes before it can be used with StarPunk.
## IndieAuth Configuration Analysis
### 1. Authorization Endpoint ✓ PRESENT (with issues)
```html
<link rel="authorization_endpoint" href="https://indieauth.com/auth">
```
- **Status**: Configured
- **Endpoint**: IndieAuth.com (established IndieAuth service)
- **Issue**: HEAD request returned HTTP 400, suggesting the endpoint may have issues or requires specific parameters
- **Impact**: May cause authentication to fail
### 2. Token Endpoint ✓ PRESENT
```html
<link rel="token_endpoint" href="https://tokens.indieauth.com/token">
```
- **Status**: Configured
- **Endpoint**: tokens.indieauth.com (official token service)
- **Validation**: Returns HTTP 200, endpoint is accessible
- **Impact**: Token generation should work correctly
### 3. Micropub Endpoint ⚠️ DUPLICATE CONFIGURATION
```html
<link rel="micropub" href="https://thesatelliteoflove.com//micropub">
<link rel="micropub" href="" />
```
- **Issue**: Two micropub declarations, one empty
- **Impact**: May confuse clients; the empty one should be removed
- **Note**: The first one points to the domain but has double slash (//)
## Identity Information (h-card)
### Body-level h-card ✓ PRESENT (incomplete)
```html
<body class="h-card">
```
- **Status**: Configured at body level
- **Issue**: The entire page is marked as an h-card, which is technically valid but not best practice
### Identity Properties Found:
1. **Name (p-name)**: ✓ PRESENT
```html
<a class="u-url p-name" href="/">Home</a>
<span class="p-author h-card">Phil Skents</span>
```
- Conflicting names: "Home" vs "Phil Skents"
- Best practice: Should have a single, clear p-name property
2. **URL (u-url)**: ✓ PRESENT
```html
<a class="u-url p-name" href="/">Home</a>
```
- Links to homepage
- Should be full URL (https://thesatelliteoflove.com) for clarity
3. **Photo (u-photo)**: ✗ MISSING
- No photo property found
- Recommended for complete identity representation
4. **Email (u-email)**: Potentially present
```html
<link href="mailto:phil@thesatelliteoflove.com" rel="me">
```
- Present as rel="me" link, not as u-email property
## Social Proof (rel="me" links)
### Links Found:
1. ✗ **Empty rel="me"**: `<link rel="me" href="" />`
2. ✓ **Email**: `<link href="mailto:phil@thesatelliteoflove.com" rel="me">`
**Issues**:
- One empty rel="me" link should be removed
- No links to social media profiles (GitHub, Mastodon, etc.)
- Missing bidirectional verification for rel="me" web sign-in
## Security Assessment
### HTTPS Configuration: ✓ PASS
- Domain properly serves over HTTPS
- No mixed content detected in initial inspection
### Endpoint Accessibility:
- Token endpoint: ✓ Accessible (HTTP 200)
- Authorization endpoint: ⚠️ Returns HTTP 400 (may need investigation)
### Domain Redirects:
- No redirects detected
- Clean HTTPS delivery
## IndieWeb Microformats
### Found:
- `h-card`: Present (body-level)
- `h-feed`: Present on homepage
- `h-entry`: Present for content items
- `p-name`, `u-url`, `dt-published`: Properly used in feed items
- `p-author`: Present in footer
**Assessment**: Good microformats2 markup for content, but identity h-card needs refinement.
## Critical Issues Requiring Fixes
### Priority 1: Must Fix Before Production
1. **Remove empty links**:
- Empty `rel="me"` link
- Empty `rel="micropub"` link
- Empty `rel="webmention"` link
- Empty `rel="pingback"` link
2. **Fix micropub double-slash**:
- Change `https://thesatelliteoflove.com//micropub`
- To: `https://starpunk.thesatelliteoflove.com/micropub`
- (This should point to StarPunk, not the identity domain)
3. **Clarify h-card identity**:
- Create a dedicated h-card element (not body-level)
- Use consistent p-name ("Phil Skents", not "Home")
- Add u-url with full domain URL
- Consider adding u-photo
### Priority 2: Should Fix for Best Practice
1. **Add social proof**:
- Add rel="me" links to social profiles
- Ensure bidirectional linking for web sign-in
2. **Simplify h-card structure**:
- Move h-card from body to specific element (header or aside)
- Reduce confusion with multiple p-name properties
3. **Investigation needed**:
- Determine why https://indieauth.com/auth returns HTTP 400
- May need to test full authentication flow
## Expected Authentication Flow
### Current State:
1. User enters `https://thesatelliteoflove.com` as identity URL
2. StarPunk fetches the page and finds:
- Authorization endpoint: `https://indieauth.com/auth`
- Token endpoint: `https://tokens.indieauth.com/token`
3. StarPunk redirects to IndieAuth.com with:
- client_id: `https://starpunk.thesatelliteoflove.com/`
- redirect_uri: `https://starpunk.thesatelliteoflove.com/auth/callback`
- state: (random value)
4. IndieAuth.com verifies the identity domain
5. User approves the authorization
6. IndieAuth.com redirects back with auth code
7. StarPunk exchanges code for token at tokens.indieauth.com
8. User is authenticated
### Potential Issues:
- Empty rel="me" links may confuse IndieAuth.com
- HTTP 400 from authorization endpoint needs investigation
- Micropub endpoint configuration may cause client confusion
## Recommendations
### Immediate Actions:
1. **Clean up the HTML head**:
```html
<!-- Remove these: -->
<link rel="me" href="" />
<link rel="webmention" href="" />
<link rel="pingback" href="" />
<link rel="micropub" href="" />
<!-- Fix this: -->
<link rel="micropub" href="https://starpunk.thesatelliteoflove.com/micropub">
```
2. **Improve h-card**:
```html
<header class="h-card">
<a class="u-url u-uid" href="https://thesatelliteoflove.com">
<span class="p-name">Phil Skents</span>
</a>
<a class="u-email" href="mailto:phil@thesatelliteoflove.com">Email</a>
</header>
```
3. **Add social verification**:
```html
<link rel="me" href="https://github.com/yourprofile">
<link rel="me" href="https://mastodon.social/@yourhandle">
```
### Testing Actions:
1. Test full IndieAuth flow with IndieLogin.com
2. Verify authorization endpoint functionality
3. Test with StarPunk once fixes are applied
4. Validate h-card parsing with microformats validator
## Architectural Compliance
### IndieWeb Standards: ⚠️ PARTIAL
- Has required IndieAuth endpoints
- Has microformats markup
- Missing complete identity information
- Has configuration errors
### Security Standards: ✓ PASS
- HTTPS properly configured
- Using established IndieAuth services
- No obvious security issues
### Best Practices: ⚠️ NEEDS IMPROVEMENT
- Multiple empty link elements (code smell)
- Duplicate micropub declarations
- Inconsistent identity markup
- Missing social proof
## Conclusion
**Can authentication work right now?** POSSIBLY, but with high risk of failure.
**Should it be used in production?** NO, not until critical issues are fixed.
**Estimated time to fix**: 15-30 minutes of HTML editing.
The domain has the foundational IndieAuth configuration in place, which is excellent. However, the presence of empty link elements and duplicate declarations suggests the site may have been generated from a template with placeholder values that weren't fully configured.
Once the empty links are removed, the micropub endpoint is corrected to point to StarPunk, and the h-card is refined, this domain will be fully ready for IndieAuth authentication.
## Next Steps
1. Fix the identity domain HTML (see Immediate Actions above)
2. Test authentication flow with IndieLogin.com directly
3. Verify StarPunk can discover and use the endpoints
4. Document successful authentication in test report
5. Consider creating a validation script for identity domain setup
---
**Document Status**: Complete
**Last Updated**: 2025-11-19
**Maintained By**: StarPunk Architect Agent