As noted in #243 (closed), I misimplemented the IndieAuth spec, ending up performing authorization code verification and authorization code grant, which is not allowed as the authorization code should be single use.
When IndieAuth.com fixed this, www-editor broke.
To fix this, we need to retrieve the
me from the response from the
authorization code grant, which results in a few internal tweaks:
- we need to map the
meof a given authorization request
- we need to return the
mefrom the token endpoint request, which requires mapping the full
TokenEndpointResponse, which for now, only includes
- we need to provide a means to determine the
mefor a given
Closes #243 (closed).