Remove IndieAuth.com fallback

[simonw]

These TODOs:

datasette-indieauth/datasette_indieauth/__init__.py

Lines 41 to 52 in 4999204

	if not authorization_endpoint:
	# Redirect to IndieAuth.com as a fallback
	# TODO: Only do this if rel=me detected
	# TODO: make this a configurable preference
	indieauth_url = "https://indieauth.com/auth?" + urllib.parse.urlencode(
	{
	"me": me,
	"client_id": urls.client_id,
	"redirect_uri": urls.indie_auth_com_redirect_uri,
	}
	)
	return Response.redirect(indieauth_url)

[simonw]

I'm going to remove the indieauth.com mechanism entirely. It's based on an undocumented feature of indieauth.com which isn't likely to last, and users can still take advantage of RelMeAuth by adding the following to their website:

<link href="https://github.com/simonw" rel="me">
<link rel="authorization_endpoint" href="https://indieauth.com/auth">

[simonw]

Full context: the first version of this plugin didn't implement the IndieAuth specification at all - it instead worked using an undocumented feature of IndieAuth.com which allows you to kick off authentication (that scans for RelMeAuth tags) using a form that looked like this:

datasette-indieauth/datasette_indieauth/templates/indieauth.html

Lines 7 to 13 in c55ba4d

	<form action="https://indieauth.com/auth" method="get">
	<p><input type="text" name="me">
	<input type="hidden" name="client_id" value="{{ client_id }}">
	<input type="hidden" name="redirect_uri" value="{{ redirect_uri }}">
	<input type="submit" value="Login">
	</p>
	</form>

I'm currently just using this as a fallback for if no authorization_endpoint is found on the page - but this fallback will stop working when IndieAuth eventually retires.

The only benefit from the fallback is that it allows authentication for pages that use RelMeAuth without including a <link rel="authorization_endpoint"> tag. I'm OK losing that in exchange for simplifying this plugin and protecting against IndieAuth going offline in the future.

[simonw]

Need to update the README too.