fix: Add grant_type to IndieAuth token exchange (v0.9.3)

The token exchange request was missing the required grant_type parameter
per OAuth 2.0 RFC 6749. IndieAuth providers that properly validate this
were rejecting the request with a 422 error.

- Add grant_type=authorization_code to token exchange data
- Add ADR-022 documenting the spec compliance requirement

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-22 18:50:23 -07:00
parent 44a97e4ffa
commit cbef0c1561
5 changed files with 163 additions and 2 deletions


@@ -153,5 +153,5 @@ def create_app(config=None):
# Package version (Semantic Versioning 2.0.0)
# See docs/standards/versioning-strategy.md for details
__version__ = "0.9.2"
__version_info__ = (0, 9, 2)
__version__ = "0.9.3"
__version_info__ = (0, 9, 3)
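Review bot: `__version__` and `__version_info__` are bumped here as two hand-edited literals, so a later release can update one and miss the other. Consider deriving the tuple from the string, for example `__version_info__ = tuple(int(p) for p in __version__.split("."))` (this needs extra handling if a pre-release suffix is ever used), or add a test asserting that the two agree.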


@@ -409,6 +409,7 @@ def handle_callback(code: str, state: str, iss: Optional[str] = None) -> Optiona
# Prepare token exchange request with PKCE verifier
token_exchange_data = {
"grant_type": "authorization_code",
"code": code,
"client_id": current_app.config["SITE_URL"],
"redirect_uri": f"{current_app.config['SITE_URL']}auth/callback",