I made some rather big changes to the site over the past month. I added native IndieAuth support, changed pagination to be datetime-based, and added a photostream.

https://www.brentlineberry.com/posts/3966/changelog-indieauth-datetime-pagination-photostream

#WebDesign #WebDevelopment #Indieweb #Indieauth #Changelog

One thing I really like about ATProto/Atmosphere is the concept of a PDS, or Personal Data Server, storing all your account data.

The other day someone announced https://bookhive.buzz, basically ATProto take on https://bookwyrm.social, but unlike Bookwyrm, which requires you to create a separate account, Bookhive lets you log in with your PDS, most commonly your Bluesky account.

That's actually pretty neat.

And we could have something similar with Federated Credential Management (FedCM).

https://developer.mozilla.org/en-US/docs/Web/API/FedCM_API

Here's a GitHub issue requesting this for Mastodon:

https://github.com/mastodon/mastodon/issues/4800

#fediverse #mastodon #FedCM #indieauth #SocialMedia #ATProto #PDS

I'm making some progress on my micropub endpoint based on the https://go.hacdias.com/indielib library.

I can now use my endpoint for IndieAuth, and store posts on the filesystem, in the custom TOML page format I use. I'm having some trouble with the `micropub?q=config` route, and haven't started working on git sync or the media endpoint yet. One step at a time.

The main issue that's holding me back now, is that it's really hard to test if everything works as intended. I've been testing using Quill and Sparkles via my server now, but it's less than ideal to not be able to test it locally. Any advice would be appreciated 😅

Also, https://micropub.rocks doesn't work for me at all, because it doesn't use PCKE apparently.

But the clients are way easier than how I was updating my site until now, so I have enough motivation to keep at it!

#micropub #IndieAuth #indieweb

Fixed: IndieAuth login broken for third-party apps

After adding security headers (Content-Security-Policy) to harden the site, logging in with IndiePass and other IndieAuth clients silently failed — tapping “authorize” did nothing.

The culprit was form-action ‘self’ in the CSP, which blocked Browsers from following the consent form’s redirect to the client’s callback URL (e.g., indiepass.app/android-callback).

Changed to form-action ‘self’ https: to allow IndieAuth redirects to any HTTPS callback. Affects all third-party IndieAuth clients (Micropub editors, Microsub readers, etc.), not just IndiePass.

🔗 https://rmendes.net/notes/2026/02/22/a202f

Building an IndieAuth Comment System for Your Static Site | 🔗 https://brennan.day/building-an-indieauth-comment-system-for-your-static-site/

#indieweb #eleventy #netlify #javascript #indieauth #tutorial