dunkirk.sh / indiko
my own indieAuth provider! indiko.dunkirk.sh/docs
indieauth oauth2-server
6
fork

Configure Feed

Select the types of activity you want to include in your feed.

feat: handle form encoded data

Kieran Klukas 957a8121 008519a6

+25 -5
+4 -4
src/index.ts
··· 41 41 return new Response("Method not allowed", { status: 405 }); 42 42 }, 43 43 // IndieAuth/OAuth 2.0 endpoints 44 - "/auth/authorize": (req: Request) => { 44 + "/auth/authorize": async (req: Request) => { 45 45 if (req.method === "GET") return authorizeGet(req); 46 - if (req.method === "POST") return authorizePost(req); 46 + if (req.method === "POST") return await authorizePost(req); 47 47 return new Response("Method not allowed", { status: 405 }); 48 48 }, 49 - "/auth/token": (req: Request) => { 50 - if (req.method === "POST") return token(req); 49 + "/auth/token": async (req: Request) => { 50 + if (req.method === "POST") return await token(req); 51 51 return new Response("Method not allowed", { status: 405 }); 52 52 }, 53 53 "/auth/logout": (req: Request) => {
+21 -1
src/routes/indieauth.ts
··· 458 458 // POST /auth/token - Exchange authorization code for user identity 459 459 export async function token(req: Request): Promise<Response> { 460 460 try { 461 - const body = await req.json(); 461 + const contentType = req.headers.get("Content-Type"); 462 + let body: Record<string, string>; 463 + 464 + // Support both JSON and form-encoded requests 465 + if (contentType?.includes("application/json")) { 466 + body = await req.json(); 467 + } else if (contentType?.includes("application/x-www-form-urlencoded")) { 468 + const formData = await req.formData(); 469 + body = Object.fromEntries(formData.entries()) as Record<string, string>; 470 + } else { 471 + console.error("Token endpoint: unsupported content type:", contentType); 472 + return Response.json( 473 + { 474 + error: "invalid_request", 475 + error_description: "Content-Type must be application/json or application/x-www-form-urlencoded", 476 + }, 477 + { status: 400 }, 478 + ); 479 + } 480 + 462 481 const { 463 482 grant_type, 464 483 code, ··· 478 497 } 479 498 480 499 if (!code || !client_id || !redirect_uri || !code_verifier) { 500 + console.error("Token endpoint: missing parameters", { code: !!code, client_id: !!client_id, redirect_uri: !!redirect_uri, code_verifier: !!code_verifier }); 481 501 return Response.json( 482 502 { 483 503 error: "invalid_request",