phil/StarPunk
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

docs: Address Micropub design issues and clarify V1 scope

Browse Source 
- Create ADR-029 for IndieAuth/Micropub integration strategy
- Address all critical issues from developer review:
  - Add missing 'me' parameter to token endpoint
  - Clarify PKCE as optional extension
  - Define token security migration strategy
  - Add authorization_codes table schema
  - Define property mapping rules
  - Clarify two authentication flows
- Simplify V1 scope per user decision:
  - Remove update/delete operations from V1
  - Focus on create-only functionality
  - Reduce timeline from 8-10 to 6-8 days
- Update project plan with post-V1 roadmap:
  - Phase 11: Update/delete operations (V1.1)
  - Phase 12: Media endpoint (V1.2)
  - Phase 13: Advanced IndieWeb features (V2.0)
  - Phase 14: Enhanced features (V2.0+)
- Create token security migration documentation
- Update ADR-028 for consistency with simplified scope

BREAKING CHANGE: Token migration will invalidate all existing tokens for security
This commit is contained in:
Phil Skentelbery
2025-11-24 11:39:13 -07:00
parent 5bbecad01d
commit dca9604746
6 changed files with 1127 additions and 129 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
docs/decisions/ADR-028-micropub-implementation.md
View File

@@ -53,14 +53,15 @@ We will implement a **minimal but complete Micropub server** for V1, focusing on
- Delegate to existing `notes.py` CRUD functions
- Proper error handling and status codes
3. **V1 Feature Scope**
3. **V1 Feature Scope** (Simplified per user decision)
- ✅ Create posts (form-encoded and JSON)
- ✅ Query endpoints (config, source)
- ✅ Bearer token authentication
- ✅ Scope-based authorization
- ❌ Media endpoint (deferred)
- ❌ Update/delete operations (deferred)
-Syndication (deferred)
- ✅ Scope-based authorization (create only)
- ❌ Media endpoint (post-V1)
- ❌ Update operations (post-V1)
-Delete operations (post-V1)
- ❌ Syndication (post-V1)
### Technology Choices
@@ -139,12 +140,14 @@ We will implement a **minimal but complete Micropub server** for V1, focusing on
- Create post functionality
- Error response formatting
### Phase 3: Queries & Polish (Days 8-10)
### Phase 3: Queries & Polish (Days 6-8)
- Config and source query endpoints
- Authorization endpoint scope handling
- Authorization endpoint with admin session check
- Discovery headers and links
- Client testing and documentation
**Note**: Timeline reduced from 8-10 days to 6-8 days due to V1 scope simplification (no update/delete)
## Alternatives Considered
### Alternative 1: Full Micropub Implementation