phil/StarPunk
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ebca9064c503aa0fbe89b8c680057d5bc1be7f59
StarPunk/docs/architecture/indieauth-client-diagnosis.md
Phil Skentelbery dd85917988 docs: add IndieAuth client identification analysis and decision 
Architect analysis identified the root cause of 'client_id is not
registered' error: h-app microformat is hidden from parsers.

Includes:
- Complete diagnosis of IndieAuth client registration issue
- ADR-006: IndieAuth Client Identification decision record
- Implementation guidelines for developer

Developer task: Remove hidden attributes from h-app div.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-19 14:09:14 -07:00

139 lines
4.0 KiB
Markdown
Raw Blame History

# IndieAuth Client Registration Issue - Diagnosis Report
**Date:** 2025-11-19
**Issue:** IndieLogin.com reports "This client_id is not registered"
**Client ID:** https://starpunk.thesatelliteoflove.com
## Executive Summary
The issue is caused by the h-app microformat on StarPunk being **hidden** with both `hidden` and `aria-hidden="true"` attributes. This makes the client identification invisible to IndieAuth parsers.
## Analysis Results
### 1. Identity Domain (https://thesatelliteoflove.com) ✅
**Status:** PROPERLY CONFIGURED
The identity page has all required IndieAuth elements:
```html
<!-- IndieAuth endpoints are correctly declared -->
<link rel="authorization_endpoint" href="https://indieauth.com/auth">
<link rel="token_endpoint" href="https://tokens.indieauth.com/token">
<!-- h-card is properly structured -->
<div class="h-card">
<h1 class="p-name">Phil Skents</h1>
<p class="identity-url">
<a class="u-url u-uid" href="https://thesatelliteoflove.com">
https://thesatelliteoflove.com
</a>
</p>
</div>
```
### 2. StarPunk Client (https://starpunk.thesatelliteoflove.com) ❌
**Status:** MISCONFIGURED - Client identification is hidden
The h-app microformat exists but is **invisible** to parsers:
```html
<!-- PROBLEM: hidden and aria-hidden attributes -->
<div class="h-app" hidden aria-hidden="true">
<a href="https://starpunk.thesatelliteoflove.com" class="u-url p-name">StarPunk</a>
</div>
```
## Root Cause
IndieAuth clients must be identifiable through visible h-app or h-x-app microformats. The `hidden` attribute makes the element completely invisible to:
1. Microformat parsers
2. Screen readers
3. Search engines
4. IndieAuth verification services
When IndieLogin.com attempts to verify the client_id, it cannot find any client identification because the h-app is hidden from the DOM.
## IndieAuth Client Verification Process
1. User initiates auth with client_id=https://starpunk.thesatelliteoflove.com
2. IndieLogin fetches the client URL
3. IndieLogin parses for h-app/h-x-app microformats
4. **FAILS:** No visible h-app found due to `hidden` attribute
5. Returns error: "This client_id is not registered"
## Solution
Remove the `hidden` and `aria-hidden="true"` attributes from the h-app div:
### Current (Broken):
```html
<div class="h-app" hidden aria-hidden="true">
<a href="https://starpunk.thesatelliteoflove.com" class="u-url p-name">StarPunk</a>
</div>
```
### Fixed:
```html
<div class="h-app">
<a href="https://starpunk.thesatelliteoflove.com" class="u-url p-name">StarPunk</a>
</div>
```
If visual hiding is desired, use CSS instead:
```css
.h-app {
position: absolute;
left: -9999px;
width: 1px;
height: 1px;
overflow: hidden;
}
```
However, **best practice** is to keep it visible as client identification, possibly styled as:
```html
<footer>
<div class="h-app">
<p>
<a href="https://starpunk.thesatelliteoflove.com" class="u-url p-name">StarPunk</a>
<span class="p-version">v0.6.1</span>
</p>
</div>
</footer>
```
## Verification Steps
After fixing:
1. Deploy the updated HTML without `hidden` attributes
2. Test at https://indiewebify.me/ - verify h-app is detected
3. Clear any caches (CloudFlare, browser, etc.)
4. Test authentication flow at https://indielogin.com/
## Additional Recommendations
1. **Add more client metadata** for better identification:
```html
<div class="h-app">
<img src="/static/logo.png" class="u-logo" alt="StarPunk logo">
<a href="https://starpunk.thesatelliteoflove.com" class="u-url p-name">StarPunk</a>
<p class="p-summary">A minimal IndieWeb CMS</p>
</div>
```
2. **Consider adding redirect_uri registration** if using fixed callback URLs
3. **Test with multiple IndieAuth parsers**:
- https://indiewebify.me/
- https://sturdy-backbone.glitch.me/
- https://microformats.io/
## References
- [IndieAuth Spec - Client Information Discovery](https://indieauth.spec.indieweb.org/#client-information-discovery)
- [Microformats h-app](http://microformats.org/wiki/h-app)
- [IndieWeb Client ID](https://indieweb.org/client_id)
Reference in New Issue View Git Blame Copy Permalink