fix: Add grant_type to IndieAuth token exchange (v0.9.3)
The token exchange request was missing the required grant_type parameter per OAuth 2.0 RFC 6749. IndieAuth providers that properly validate this were rejecting the request with a 422 error. - Add grant_type=authorization_code to token exchange data - Add ADR-022 documenting the spec compliance requirement 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
@@ -7,6 +7,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
||||
|
||||
## [Unreleased]
|
||||
|
||||
## [0.9.3] - 2025-11-22
|
||||
|
||||
### Fixed
|
||||
- **IndieAuth token exchange missing grant_type**: Added required `grant_type=authorization_code` parameter to token exchange request
|
||||
- OAuth 2.0 spec requires this parameter for authorization code flow
|
||||
- Some IndieAuth providers reject token exchange without this parameter
|
||||
- Fixes authentication failures with spec-compliant IndieAuth providers
|
||||
|
||||
## [0.9.2] - 2025-11-22
|
||||
|
||||
### Fixed
|
||||
|
||||
Reference in New Issue
Block a user