Two PSAs regarding IndieAuth
IndieAuth is starting to get some traction in the greater Internet space, which is really cool! I’m glad to see a protocol finally emerging around distributed/federated identity, managing to get some traction where OpenID more or less failed (despite a few hangers-on still supporting it).
There are two issues that implementers of IndieAuth clients (i.e. websites which use IndieAuth for authentication) and endpoints (i.e. the things which do the actual authentication) should be aware of.