#IndieAuth Outline

1. [x] User enters their domain name in the login form.
2. [x] IndieAuth server retrieves the rel=me links from the domain's homepage.
3. [x] IndieAuth server checks if any of the rel=me links point to a supported OAuth provider.
4. [] If a supported OAuth provider is found, IndieAuth server redirects the user to the OAuth provider's authorization endpoint.
5. [] User logs in to the OAuth provider and grants permission for the IndieAuth server to access their information.
6. [] OAuth provider redirects the user back to the IndieAuth server along with an access token.
7. [] IndieAuth server uses the access token to fetch the user's profile information from the OAuth provider.
8. [] IndieAuth server verifies that the profile information includes the user's domain name.
9. [] IndieAuth server verifies that the domain name in the profile information matches the domain name entered by the user in step 1.
10. [] If both verifications succeed, IndieAuth server logs the user in and creates a session for them.

#Useful Links

https://www.rfc-editor.org/rfc/rfc6749 https://indieauth.spec.indieweb.org/

https://indieweb.org/IndieAuth https://aaronparecki.com/2018/07/07/7/oauth-for-the-open-web https://aaronparecki.com/2020/12/03/1/indieauth-2020 https://www.oauth.com/oauth2-servers/signing-in-with-google/getting-an-id-token/ https://www.oauth.com/oauth2-servers/indieauth/

https://indieweb.org/authorization-endpoint https://indieweb.org/token-endpoint

https://github.com/iamspruce/spruce-indieLogin https://github.com/nilsnh/cellar-door

https://gimme-a-token.5eb.nl/