* Now passing an auth code data validation callback to the exchange method
* Removed Token, it’s no longer necessary
* Simplified interface where possible
* All tests passing
* Updated docblocks
* Authorization requests start by validating the client_id and redirect_id, and
if valid, any further errors are reported by redirecting to the redirect_uri
* Exchange requests attempt to exchange an auth code immediately, ensuring that
auth codes are revoked if the exchange request results in an error (not in the
spec explicitly, but advised by aaronpk)
* TokenStorageInterface is now responsible for accessing both auth codes
and access tokens
* TokenStorageInterface now only defines the methods strictly required
for IndieAuth to work
* TokenStorageInterface now responsible for generating the auth code,
making self-encoded codes possible.
* TokenStorageInterface now responsible for token lifetimes, expiry,
and exchange
* JsonStorage implements new methods, all disk access is wrapped with
lock acquisition
Tests not yet updated!
* Internal error conditions now raise IndieAuthException
* Bubbled unknown exceptions converted to generic IndieAuthException
* Exceptions passed to overridable handler, turned into response
* Wrote many more tests, fixed a variety of problems
* Created corresponding templates
* Changed how Server configuration works
* Ensured that rauthorization approval requests verify their indieauth parameters
* Wrote first passing test for Server, fixed a variety of small errors along the way
Barnaby Walters