@jackdbd/indieauth
Advanced tools
Schemas and functions for implementing [IndieAuth](https://indieauth.spec.indieweb.org/).
Schemas and functions for implementing IndieAuth.
npm install @jackdbd/indieauth
The access tokens issued by the token endpoint implemented by this plugin are JSON Web Tokens.
Each JWT issued by this token endpoint is signed with RS256 using a random JSON Web Key (JWK) from a given private JWK Set.
Each JWT issued by this token endpoint can be verified by anyone (for example by a revocation endpoint or an introspection endpoint) using the the kid parameter from the matching public JWK Set.
[!WARNING] Since neither OAuth 2.0 nor IndieAuth require an access token to be implemented as a JSON Web Token, I am considering other implementations. Watch the talk Rethinking Authentication to learn more about possible alternative implementations for access tokens.
The refresh tokens issued by the token endpoint implemented by this plugin are Nano IDs generated with nanoid.
[!TIP] Read the article Why we chose NanoIDs for PlanetScale’s API for a comparison of Nano ID with UUIDs.
| Package | Version |
|---|---|
| @jackdbd/canonical-url | 0.2.0-canary.8 |
| @jackdbd/pkce | 0.2.0-canary.7 |
| @jackdbd/schema-validators | 0.2.0-canary.11 |
| @sinclair/typebox | ^0.34.14 |
| ajv | ^8.17.1 |
| ajv-formats | ^3.0.1 |
| dayjs | ^1.11.13 |
| dayjs-plugin-utc | ^0.1.2 |
| jose | ^5.9.6 |
| ms | 3.0.0-canary.1 |
| nanoid | ^5.0.9 |
| posthtml-parser | ^0.12.1 |
email, profilecreate, update, delete, undelete, draft, media© 2024 - 2025 Giacomo Debidda // MIT License
FAQs
Schemas and functions for implementing [IndieAuth](https://indieauth.spec.indieweb.org/).
The npm package @jackdbd/indieauth receives a total of 7 weekly downloads. As such, @jackdbd/indieauth popularity was classified as not popular.
We found that @jackdbd/indieauth demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Product
Socket now scans OpenVSX extensions, giving teams early detection of risky behaviors, hidden capabilities, and supply chain threats in developer tools.
Product
Bringing supply chain security to the next generation of JavaScript package managers
Product
A safer, faster way to eliminate vulnerabilities without updating dependencies