Using this IndieAuth endpoint
To use this authentication endpoint, add the following values to your website’s <head>:
<link rel="authorization_endpoint" href="https://indiekit.jackboberg.dev/auth">
<link rel="token_endpoint" href="https://indiekit.jackboberg.dev/auth/token">
<link rel="indieauth-metadata" href="https://indiekit.jackboberg.dev/.well-known/oauth-authorization-server">
Get a user’s identity
Request an authorization code
GET https://indiekit.jackboberg.dev/auth
Content-type: application/x-www-form-urlencoded

response_type=code
&client_id=https://indiekit.jackboberg.dev
&redirect_uri=https://indiekit.jackboberg.dev/session/auth
&code_challenge=xxxxxxxxxx
&code_challenge_method=S256
&state=1234567890
&scope=create+delete+update
If the user approves the request, the endpoint will generate an authorization code and redirect back to the client:
HTTP/1.1 302 Found
Location: https://indiekit.jackboberg.dev/session/auth?code=xxxxxxxx
&state=1234567890
&iss=https://indiekit.jackboberg.dev
Redeem an authorization code for a user’s profile URL
POST https://indiekit.jackboberg.dev/auth
Content-type: application/x-www-form-urlencoded
Accept: application/json

grant_type=authorization_code
&code=xxxxxxxxxx
&client_id=https://indiekit.jackboberg.dev
&redirect_uri=https://indiekit.jackboberg.dev/session/auth
&code_verifier=xxxxxxxxxx

HTTP/1.1 200 OK
Content-Type: application/json

{
  "me": "https://jackboberg.dev"
}
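The client side of the exchange above, as an added example (not Indiekit's own code): it derives the S256 code_challenge from a fresh code_verifier, builds the authorization URL, and checks state and iss on the redirect before preparing the redemption form, which is also the form sent to the token endpoint. The function names are hypothetical, and ISSUER is assumed to be the iss value shown in the redirect above.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

AUTH_ENDPOINT = "https://indiekit.jackboberg.dev/auth"  # values copied from this page
CLIENT_ID = "https://indiekit.jackboberg.dev"
REDIRECT_URI = "https://indiekit.jackboberg.dev/session/auth"
ISSUER = "https://indiekit.jackboberg.dev"  # assumption: the iss shown in the redirect


def s256_challenge(verifier):
    """code_challenge = BASE64URL(SHA256(code_verifier)), padding stripped (RFC 7636)."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def start_authorization(scope="create delete update"):
    """Return (authorization URL, secrets to keep in the user's server-side session)."""
    session = {"state": secrets.token_urlsafe(32), "code_verifier": secrets.token_urlsafe(64)}
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "code_challenge": s256_challenge(session["code_verifier"]),
        "code_challenge_method": "S256",
        "state": session["state"],
        "scope": scope,
    })
    return f"{AUTH_ENDPOINT}?{query}", session


def handle_redirect(redirect_url, session):
    """Validate state and iss on the redirect, then build the redemption form body."""
    params = {k: v[0] for k, v in parse_qs(urlsplit(redirect_url).query).items()}
    if not hmac.compare_digest(params.get("state", "").encode(), session["state"].encode()):
        raise ValueError("state mismatch: response does not belong to this session")
    if params.get("iss") != ISSUER:
        raise ValueError("iss mismatch: response came from a different issuer")
    if not params.get("code"):
        raise ValueError("no authorization code in redirect")
    return {
        "grant_type": "authorization_code",
        "code": params["code"],
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "code_verifier": session["code_verifier"],
    }
```

The code_verifier never leaves the client until redemption, so an authorization code intercepted on the redirect cannot be redeemed without it.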
Get a user’s access permissions
Redeem an authorization code for an access token
POST https://indiekit.jackboberg.dev/auth/token
Content-type: application/x-www-form-urlencoded
Accept: application/json

grant_type=authorization_code
&code=xxxxxxxxxx
&client_id=https://indiekit.jackboberg.dev
&redirect_uri=https://indiekit.jackboberg.dev/session/auth
&code_verifier=xxxxxxxxxx

HTTP/1.1 200 OK
Content-Type: application/json

{
  "access_token": "xxxxxxxxxx",
  "token_type": "Bearer",
  "me": "https://jackboberg.dev",
  "scope": "create delete update"
}
Verify an access token
POST https://indiekit.jackboberg.dev/auth/introspect
Content-type: application/x-www-form-urlencoded
Accept: application/json
Authorization: Bearer xxxxxxxx

token=xxxxxxxx

HTTP/1.1 200 OK
Content-Type: application/json

{
  "active": true,
  "client_id": "https://indiekit.jackboberg.dev",
  "me": "https://jackboberg.dev",
  "scope": "create delete update",
  "iat": 1668682284,
  "exp": 1676458284
}