5.2 Initiate Authentication Request #3

Open
EdwardHinkle opened this issue Jun 10, 2019 · 2 comments

@EdwardHinkle
Owner

There needs to be a function that an App can call within IndieWebKit that builds and makes the Authentication Request. It will need to be able to customize the callback per app.

The client builds the authentication request URL by starting with the discovered authorization_endpoint URL and adding the following parameters to the query component:

* me - The user's profile URL
* client_id - The client URL
* redirect_uri - The redirect URL indicating where the user should be redirected to after approving the request
* state - A parameter set by the client which will be included when the user is redirected back to the client. This is used to prevent CSRF attacks. The authorization server MUST return the unmodified state value back to the client.
* response_type=id - (optional) Indicates to the authorization server that this is an authentication request. If this parameter is missing, the authorization endpoint MUST default to id.

https://indieauth.spec.indieweb.org/#authentication-request

@EdwardHinkle EdwardHinkle added this to the 1.0.0 milestone Jun 10, 2019
@EdwardHinkle EdwardHinkle self-assigned this Jun 10, 2019
@EdwardHinkle
Owner Author

Also during this we will want to handle adding support for PKCE:

The client establishes its identity by generating a random secret.
When the client redirects the user to the authorization server, it includes a one-way hashed version of this secret, known as the code_challenge, which the server will store, along with a code_challenge_method describing the hashing algorithm used to make the hash.

https://www.oauth.com/oauth2-servers/pkce/
https://indieweb.org/PKCE#See_Also
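
The request described in the two comments above, as an added example that is not IndieWebKit's code or part of the issue: it builds the authentication request URL with a random state and an S256 PKCE challenge, and checks state on the callback. The type and function names, the example.* URLs and the use of CryptoKit for SHA-256 are assumptions.

```swift
import Foundation
import CryptoKit  // assumption: Apple platforms; swift-crypto's Crypto module elsewhere
// Hypothetical type and function names; not IndieWebKit's API.
struct AuthenticationRequest {
    let url: URL
    let state: String         // store per request, compare on the callback
    let codeVerifier: String  // PKCE secret; never placed in the request URL
}

// base64url without padding, the encoding RFC 7636 uses for PKCE values.
func base64URL(_ data: Data) -> String {
    return data.base64EncodedString().replacingOccurrences(of: "+", with: "-")
        .replacingOccurrences(of: "/", with: "_").replacingOccurrences(of: "=", with: "")
}

func randomToken() -> String {  // 32 system-random bytes, 43 characters
    return base64URL(Data((0..<32).map { _ in UInt8.random(in: .min ... .max) }))
}

func makeAuthenticationRequest(endpoint: URL, me: URL, clientID: URL,
                               redirectURI: URL) -> AuthenticationRequest? {
    guard var parts = URLComponents(url: endpoint, resolvingAgainstBaseURL: false) else { return nil }
    let state = randomToken(), verifier = randomToken()
    let challenge = base64URL(Data(SHA256.hash(data: Data(verifier.utf8))))
    // Append, so a query already present on the discovered endpoint is preserved.
    parts.queryItems = (parts.queryItems ?? []) + [
        URLQueryItem(name: "me", value: me.absoluteString),
        URLQueryItem(name: "client_id", value: clientID.absoluteString),
        URLQueryItem(name: "redirect_uri", value: redirectURI.absoluteString),
        URLQueryItem(name: "state", value: state),
        URLQueryItem(name: "response_type", value: "id"),
        URLQueryItem(name: "code_challenge", value: challenge),
        URLQueryItem(name: "code_challenge_method", value: "S256"),
    ]
    guard let url = parts.url else { return nil }
    return AuthenticationRequest(url: url, state: state, codeVerifier: verifier)
}

// Callback check: accept the response only if state came back unmodified.
func stateMatches(callback: URL, expected: String) -> Bool {
    let items = URLComponents(url: callback, resolvingAgainstBaseURL: false)?.queryItems
    return items?.first(where: { $0.name == "state" })?.value == expected
}

// Constructed sample values; the endpoint already carries a query string.
let sample = makeAuthenticationRequest(
    endpoint: URL(string: "https://auth.example/authorize?tenant=demo")!,
    me: URL(string: "https://user.example/")!, clientID: URL(string: "https://app.example/")!,
    redirectURI: URL(string: "https://app.example/callback")!)
print(sample?.url.absoluteString ?? "could not build URL")
```
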

EdwardHinkle pushed a commit that referenced this issue Jun 10, 2019
…ding parsing logic for handling the authentication response callback
EdwardHinkle pushed a commit that referenced this issue Jun 11, 2019
…nticationSession is commented out before it breaks testing until I can figure out how to conditionally import it only on the proper OSs
@EdwardHinkle
Owner Author

This is almost entirely finished. The framework, since it is multi-platform, is breaking on using ASWebAuthenticationSession, so that needs to be figured out.
