Provide compatibility with older IndieAuth token validation endpoint
paulrobertlloyd opened this issue · 0 comments
paulrobertlloyd commented
Is your feature request related to a problem?
The current version of the IndieAuth spec uses an introspection endpoint to verify tokens:
POST https://indieauth.example.com/introspect
Content-type: application/x-www-form-urlencoded
Accept: application/json
Authorization: Bearer xxxxxxxx
token=xxxxxxxx
However, previous versions of the IndieAuth spec used the token endpoint to verify tokens:
GET https://example.org/token
Authorization: Bearer xxxxxxxx
Accept: application/json
Describe the solution you’d like
Support GET /token
and use the same middleware used for POST /introspect
.