Publ: Development Blog

Entries tagged IndieWeb and release

Publ v0.7.2, Authl v0.5.0

Posted Thursday, July 8 at 8:56 PM (10 months ago)

Big new releases for Publ and Authl!

Publ changes:

Authl changes:

  • Improve the meta robots rules on the login form
  • Add IndieWeb endpoint discovery to the profile

Publ 0.5.8, Authl 0.3.1, and IndieAuth security

Posted Wednesday, October 30 at 7:11 PM (2 years ago)

So, both Publ and Authl had a pretty na├»ve issue with the identity verification step of the IndieAuth flow; it simply accepted whatever the authorization endpoint said the user’s identity was. This made it very simple to spoof one’s identity and log in as anyone on any Publ or Authl site.

Authl 0.3.1 fixes the problem with the IndieAuth login flow, and Publ 0.5.8 fixes the problem with the Bearer token flow.