Phil Skentelbery
8be079593f
Fixes critical IndieAuth authentication failure by implementing modern JSON-based client discovery mechanism per IndieAuth spec section 4.2. Added /.well-known/oauth-authorization-server endpoint returning JSON metadata with client_id, redirect_uris, and OAuth capabilities. Added <link rel="indieauth-metadata"> discovery hint in HTML head. Maintained h-app microformats for backward compatibility with legacy IndieAuth servers. This resolves "client_id is not registered" error from IndieLogin.com by providing the metadata document modern IndieAuth servers expect. Changes: - Added oauth_client_metadata() endpoint in public routes - Returns JSON with client info (24-hour cache) - Uses config values (SITE_URL, SITE_NAME) not hardcoded URLs - Added indieauth-metadata link in base.html - Comprehensive test suite (15 new tests, all passing) - Updated version to v0.6.2 (PATCH increment) - Updated CHANGELOG.md with detailed fix documentation Standards Compliance: - IndieAuth specification section 4.2 - OAuth Client ID Metadata Document format - IANA well-known URI registry - RFC 7591 OAuth 2.0 Dynamic Client Registration Testing: - 467/468 tests passing (99.79%) - 15 new tests for OAuth metadata and discovery - Zero regressions in existing tests - Test coverage maintained at 88% Related Documentation: - ADR-017: OAuth Client ID Metadata Document Implementation - IndieAuth Fix Summary report - Implementation report in docs/reports/ Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
16 KiB
16 KiB