- Add logging helper functions with automatic token redaction
- Implement comprehensive logging throughout auth flow
- Add production warning for DEBUG logging
- Add 14 new tests for logging functionality
- Update version to v0.7.0
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Fixes critical IndieAuth authentication failure by implementing modern
JSON-based client discovery mechanism per IndieAuth spec section 4.2.
Added /.well-known/oauth-authorization-server endpoint returning JSON
metadata with client_id, redirect_uris, and OAuth capabilities.
Added <link rel="indieauth-metadata"> discovery hint in HTML head.
Maintained h-app microformats for backward compatibility with legacy
IndieAuth servers.
This resolves "client_id is not registered" error from IndieLogin.com
by providing the metadata document modern IndieAuth servers expect.
Changes:
- Added oauth_client_metadata() endpoint in public routes
- Returns JSON with client info (24-hour cache)
- Uses config values (SITE_URL, SITE_NAME) not hardcoded URLs
- Added indieauth-metadata link in base.html
- Comprehensive test suite (15 new tests, all passing)
- Updated version to v0.6.2 (PATCH increment)
- Updated CHANGELOG.md with detailed fix documentation
Standards Compliance:
- IndieAuth specification section 4.2
- OAuth Client ID Metadata Document format
- IANA well-known URI registry
- RFC 7591 OAuth 2.0 Dynamic Client Registration
Testing:
- 467/468 tests passing (99.79%)
- 15 new tests for OAuth metadata and discovery
- Zero regressions in existing tests
- Test coverage maintained at 88%
Related Documentation:
- ADR-017: OAuth Client ID Metadata Document Implementation
- IndieAuth Fix Summary report
- Implementation report in docs/reports/
Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Add h-app microformats markup to base.html to enable IndieLogin.com
to verify StarPunk as a legitimate OAuth client. Without this markup,
IndieLogin returns "client_id is not registered" error, blocking all
production authentication.
The h-app markup provides client identification per IndieAuth legacy
standard, which is widely supported by authorization servers including
IndieLogin.com.
Changes:
- Add h-app microformats div to base.html footer (hidden)
- Update version to v0.6.1 (patch release per ADR-008)
- Update CHANGELOG.md with v0.6.1 release notes
- Add 6 comprehensive tests for h-app markup (all passing)
- Create ADR-016 documenting client discovery decision
- Create architecture analysis report
- Create implementation report
Tests: 456 total, 455 passing (99.78%)
New tests: 6 for h-app microformats (100% passing)
Fixes critical bug preventing production authentication.
Related: Phase 3 Authentication implementation, ADR-016
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Fixes:
- Add autouse fixture to clear feed cache between tests
- Fix RSS channel link assertion (feedgen adds feed.xml to links)
- Fix note title test to use minimal valid content
- Fix sample_notes fixture scope issue
All feed tests now pass with proper test isolation.
Adds unit tests for feed module and integration tests for feed route.
test_feed.py:
- Feed generation with various note counts
- RFC-822 date formatting
- Note title extraction
- HTML cleaning for CDATA safety
- Feed structure validation
- Special characters and Unicode handling
test_routes_feed.py:
- Feed route accessibility and response
- Content-Type and cache headers
- ETag generation and validation
- Server-side caching behavior
- Published notes filtering
- Feed item limit configuration
- Configuration integration
All tests follow existing test patterns and use proper fixtures.
