Phil Skentelbery
e5050a0a7e
feat: Implement IndieAuth token and authorization endpoints (Phase 2)
Following design in /docs/design/micropub-architecture.md and
/docs/decisions/ADR-029-micropub-v1-implementation-phases.md
Token Endpoint (/auth/token):
- Exchange authorization codes for access tokens
- Form-encoded POST requests per IndieAuth spec
- PKCE support (code_verifier validation)
- OAuth 2.0 error responses
- Validates client_id, redirect_uri, me parameters
- Returns Bearer tokens with scope
Authorization Endpoint (/auth/authorization):
- GET: Display consent form (requires admin login)
- POST: Process approval/denial
- PKCE support (code_challenge storage)
- Scope validation and filtering
- Integration with session management
- Proper error handling and redirects
All 33 Phase 2 tests pass (17 token + 16 authorization)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-24 12:26:54 -07:00
..
2025-11-18 23:01:53 -07:00
2025-11-18 23:01:53 -07:00
2025-11-24 12:26:54 -07:00
2025-11-18 23:01:53 -07:00
2025-11-19 15:43:38 -07:00