@jackdbd/indieauth
@jackdbd/indieauth
Schemas and functions for implementing IndieAuth.
Installation
npm install @jackdbd/indieauth
Access tokens
The access tokens issued by the token endpoint implemented by this plugin are JSON Web Tokens.
Each JWT issued by this token endpoint is signed with RS256 using a random JSON Web Key (JWK) from a given private JWK Set.
Each JWT issued by this token endpoint can be verified by anyone (for example by a revocation endpoint or an introspection endpoint) using the the kid parameter from the matching public JWK Set.
Since neither OAuth 2.0 nor IndieAuth require an access token to be implemented as a JSON Web Token, I am considering other implementations. Watch the talk Rethinking Authentication to learn more about possible alternative implementations for access tokens.
Refresh tokens
The refresh tokens issued by the token endpoint implemented by this plugin are Nano IDs generated with nanoid.
Read the article Why we chose NanoIDs for PlanetScale’s API for a comparison of Nano ID with UUIDs.
Docs
Dependencies
| Package | Version |
|---|---|
| @jackdbd/canonical-url | 0.2.0-canary.8 |
| @jackdbd/pkce | 0.2.0-canary.7 |
| @jackdbd/schema-validators | 0.2.0-canary.12 |
| @sinclair/typebox | ^0.34.14 |
| ajv | ^8.17.1 |
| ajv-formats | ^3.0.1 |
| dayjs | ^1.11.13 |
| dayjs-plugin-utc | ^0.1.2 |
| jose | ^5.9.6 |
| ms | 3.0.0-canary.1 |
| nanoid | ^5.0.9 |
| posthtml-parser | ^0.12.1 |
References
- Issuing an Access Token - The OAuth 2.0 Authorization Framework (RFC 6749)
- Refreshing an Access Token - The OAuth 2.0 Authorization Framework (RFC 6749)
- Access Token Response - IndieAuth
- IndieAuth Rocks! (validator for testing IndieAuth client and server implementations)
- IndieAuth scopes:
email,profile - Micropub scopes:
create,update,delete,undelete,draft,media
License
© 2024 - 2025 Giacomo Debidda // MIT License