my own indieAuth provider!
-- Migration: adds a denormalized username to authcodes and three columns that
-- support LDAP-verified provisioning (invites.ldap_username,
-- users.provisioned_via_ldap, users.last_ldap_verified_at).

-- Add username column to authcodes table for direct access without user_id lookup.
-- NOTE(review): rows that already exist when this runs receive '' (the DEFAULT);
-- nothing in this migration backfills them. Any code path that reads
-- authcodes.username should treat '' as "not recorded" and fall back to the
-- user_id lookup rather than accept an empty identity. Confirm against the
-- code-exchange handler.
-- NOTE(review): the value is a copy taken when the code is issued; presumably it
-- can go stale if the user is renamed before the code is redeemed. Verify.
ALTER TABLE authcodes ADD COLUMN username TEXT NOT NULL DEFAULT '';
-- Add ldap_username column to invites table.
-- When set, the invite can only be used by a user with that exact username.
-- Used for LDAP-verified user provisioning flow.
-- NULL (the default) presumably leaves the invite unrestricted. Confirm.
-- NOTE(review): the schema does not enforce the "exact username" match; it lives
-- in application code not shown here. Confirm both sides are normalised the same
-- way (case, surrounding whitespace) before comparison.
ALTER TABLE invites ADD COLUMN ldap_username TEXT DEFAULT NULL;
-- Add provisioned_via_ldap flag for audit purposes.
-- Allows admins to identify LDAP-provisioned accounts.
-- Important: if a user is deleted from LDAP, their account remains active; this
-- flag only records the account's origin and does not by itself gate access.
-- Stored as INTEGER with default 0 (presumably 0 = no, 1 = yes). No CHECK
-- constraint restricts it to those two values, so readers should compare
-- against an explicit value.
ALTER TABLE users ADD COLUMN provisioned_via_ldap INTEGER NOT NULL DEFAULT 0;
-- Add last_ldap_verified_at timestamp for LDAP account sync with grace period.
-- Tracks when we last verified the user exists in LDAP.
-- Used to implement caching and grace periods for orphaned account detection.
-- NULL (the default) is what every existing row gets; presumably it means
-- "never verified". The grace-period check should handle NULL explicitly so
-- that an unverified account is not treated as recently verified.
-- NOTE(review): stored as INTEGER; the epoch unit (seconds vs. milliseconds) is
-- not stated here. Confirm against the writer.
ALTER TABLE users ADD COLUMN last_ldap_verified_at INTEGER DEFAULT NULL;