grantcodes / indieauth-helper Goto Github PK
View Code? Open in Web Editor NEWA IndieAuth helper library for JavaScript
Home Page: https://grantcodes.github.io/indieauth-helper/
A IndieAuth helper library for JavaScript
Home Page: https://grantcodes.github.io/indieauth-helper/
👋🏻 I have been making some progress with my Micropub server. I am in the process of splitting it up in to different packages… and undecided if moving to a mono repo was actually that smart of an idea! But this hopefully means I can more easily share portions of the project with everyone in the wider GitHub repo/discussion soon. However, before I get to that, I would like to add authentication to my server’s UI so you can log in and configure various aspects of it, and perhaps later add an interface for sharing links, etc…
I was trying to build some (additional) IndieAuth middleware so that I can accomplish the above, but then I came across this project, which appears to achieve this in a smarter way than I could ever hope to come up with. But! I’m confused as to how it fits in to my use case.
This Express routes file is a fair summation of what I have so far
Adding some good ol’ fashioned console logging to your package, I tend to get 404 errors, or ’Invalid code provided’ responses. It seems the code returned from IndieLogin is causing errors. If you could let me know if I’m on the right track, I’d be enormously grateful… and happy to add examples to the documentation once I’ve got it all working :-)
an example change here on glitch:
https://glitch.com/edit/#!/veil-mirror?path=lib/indieauth-authentication.js:139:0
updates getEndpointsFromUrl
to accept extra_rels
, an Object mapping the rel
value to the resulting key that should go in the Object that gets returned (currently that contains auth
, and token
).
example usage:
await indieAuth.getEndpointsFromUrl(me,{
'micropub':'micropub', 'microsub':'microsub',
});
Definitely open to other options, like taking extra_rels
as an array, or storing all rels somewhere in options
.
Proof-Key for Code Exchange protects against intercepted authorization codes during the OAuth flow.
I was able to add it to the indieauth helper WIP by:
code_verifier
and storing it in the session for the usersha256
hash of code_verifier
to generate code_challenge
getAuthUrl()
, then adding &code_challenge=...&code_challenge_method=S256
to the string before redirecting.code
for a token, you need to pass along the original value of code_verifier
, so I updated getToken()
to accept an extra_args = {}
Object.you can see the changes here:
https://glitch.com/edit/#!/veil-mirror?path=lib/indieauth-authentication.js:198:1
and the usage of it to add code_challenge to the auth url:
https://glitch.com/edit/#!/veil-mirror?path=server.js:198:1
and the extra args to getToken:
Any plans to update the dependencies of this package? A few, namely axios
are reporting security vulnerabilities.
An easy way would be to just cache them all in this.cachedRels or something
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.