* Authorization requests start by validating the client_id and redirect_id, and
if valid, any further errors are reported by redirecting to the redirect_uri
* Exchange requests attempt to exchange an auth code immediately, ensuring that
auth codes are revoked if the exchange request results in an error (not in the
spec explicitly, but advised by aaronpk)
* TokenStorageInterface is now responsible for accessing both auth codes
and access tokens
* TokenStorageInterface now only defines the methods strictly required
for IndieAuth to work
* TokenStorageInterface now responsible for generating the auth code,
making self-encoded codes possible.
* TokenStorageInterface now responsible for token lifetimes, expiry,
and exchange
* JsonStorage implements new methods, all disk access is wrapped with
lock acquisition
Tests not yet updated!
* Internal error conditions now raise IndieAuthException
* Bubbled unknown exceptions converted to generic IndieAuthException
* Exceptions passed to overridable handler, turned into response
* Wrote many more tests, fixed a variety of problems
* Created corresponding templates
* Changed how Server configuration works
* Ensured that rauthorization approval requests verify their indieauth parameters
* Wrote first passing test for Server, fixed a variety of small errors along the way
Made some minor tweaks and improvements to the utility classes
Required some new dependencies
Server::__construct now takes a single config array as the list of
parameters was getting rather long.
Sketched out first draft of how the library should work, stubbed
a lot of the smaller utility classes required, and outlined the
main handler functions for the IA Server.
Barnaby Walters