getindiekit/indiekit

Provide compatibility with older IndieAuth token validation endpoint

paulrobertlloyd opened this issue 6 months ago · 0 comments

paulrobertlloyd commented 6 months ago

Is your feature request related to a problem?

The current version of the IndieAuth spec uses an introspection endpoint to verify tokens:

POST https://indieauth.example.com/introspect
Content-type: application/x-www-form-urlencoded
Accept: application/json
Authorization: Bearer xxxxxxxx

token=xxxxxxxx

However, previous versions of the IndieAuth spec used the token endpoint to verify tokens:

GET https://example.org/token
Authorization: Bearer xxxxxxxx
Accept: application/json

Describe the solution you’d like

Support GET /token and use the same middleware used for POST /introspect.