Skip to content

Instantly share code, notes, and snippets.

Last active Jan 30, 2019
What would you like to do?
Generate Magic login URL for Micropub endpoints

Generate Magic login URL for Micropub endpoints

To make Micropub requests, the specification requires a Bearer token. Many current Micropub clients force the user to go through IndieAuth to obtain this, which means you need to have the required authorization and token endpoints set-up before getting started with Micropub.

The file token-provider.php implements the happy path for the IndieAuth dance resulting in providing the Micropub client with whatever token the user has provided.


raziellight on IRC was trying to get the Micropub client Omnibear to work, and that required him to figure out how to set-up IndieAuth from scratch. I think this is way too big of an investment for getting started with Micropub. It was time to cut out the middle man (or protocol, in this case).

How to use

  1. Put the token-provider.php file on a webserver with PHP support. It has to be accessible over HTTP.
  2. Visit the URL for token-provider.php in a web browser.
  3. Fill the form with the URL for your Micropub endpoint (this is where clients will end up submitting data to) and the token value (this will be sent as Authorization by clients).
  4. Submit the form to get the final URL. The final URL can be copied from the browser’s URL field, or from a new form field that shows on the page.
  5. Use this Magic URL in your Micropub client.

Known limitations

The magic URLs do not work for Micropub clients that use the PHP IndieAuth Client library, like Quill. It treats the magic as invalid.


Both and token-provider.php are released under the Free Public Licence 1.0.0.

// The client is asking for authorization. Allow everything.
if (isset($_GET['redirect_uri'])) {
$redirect = $_GET['redirect_uri'];
if (strpos($_GET['redirect_uri'], '?') === false) {
$redirect .= '?';
} else {
$redirect .= '&';
$parameters = [
'code' => 'ok' . (isset($_GET['scope'])?$_GET['scope']:''),
'me' => $_GET['fakeme'] . '?' . http_build_query([
'endpoint' => $_GET['endpoint'],
'token' => $_GET['token'],
'fakeme' => $_GET['fakeme'],
if (isset($_GET['state'])) {
$parameters['state'] = $_GET['state'];
$redirect .= http_build_query($parameters);
header('Location: ' . $redirect, true, 302);
// The client is asking for access token. Give them what they want.
if (isset($_POST['code'])) {
header('Content-Type: application/json');
'access_token' => $_GET['token'],
'me' => $_GET['fakeme'] . '?' . http_build_query([
'endpoint' => $_GET['endpoint'],
'token' => $_GET['token'],
'fakeme' => $_GET['fakeme'],
'scope' => substr($_POST['code'], 2),
// Figure out current URL.
$ssl = false;
$url = 'http';
if (empty($_SERVER['HTTPS']) === false && $_SERVER['HTTPS'] === 'on') {
$url .= 's';
$ssl = true;
$url .= '://' . $_SERVER['HTTP_HOST'];
if ($ssl && $_SERVER['SERVER_PORT'] !== '443' || $ssl === false && $_SERVER['SERVER_PORT'] !== '80') {
$url .= ':' . $_SERVER['SERVER_PORT'];
$url .= $_SERVER['REQUEST_URI'];
$url = htmlspecialchars($url, ENT_COMPAT | ENT_HTML5, 'UTF-8');
?><!doctype html>
<meta charset="utf-8">
<title>Generate Magic login URL for Micropub endpoints</title>
<?php if (isset($_GET['endpoint']) && isset($_GET['token'])) { ?>
<link rel="authorization_endpoint" href="<?= $url ?>">
<link rel="token_endpoint" href="<?= $url ?>">
<link rel="micropub" href="<?= $_GET['endpoint'] ?>">
<?php } ?>
* {
box-sizing: border-box;
form {
text-align: center;
padding-top: 1em;
label, input {
width: 30em;
display: block;
margin: 0 auto;
text-align: left;
font-size: 100%;
font-family: sans-serif;
line-height: 1.4;
padding: .3em .5em .2em;
input {
margin-bottom: 1em;
border: 1px solid currentColor;
background-color: transparent;
input[type="submit"] {
text-align: center;
p {
font-size: 80%;
font-family: sans-serif;
width: 37.5em;
margin: -.2em auto 0;
text-align: left;
padding: 0 .7em .4em;
line-height: 1.4;
<?php if (isset($_GET['endpoint']) && isset($_GET['token'])) { ?>
<label for="url">Your magic URL</label>
<input type="text" id="url" name="url" value="<?= $url ?>">
<?php } else { ?>
<label for="endpoint"><a href="">Micropub</a> endpoint URL</label>
<input type="text" id="endpoint" name="endpoint" placeholder="">
<label for="token">Bearer token</label>
<p>If you need a token from an actual <a href="">IndieAuth</a> flow, you can use the <a href="">Homebrew Access Token</a> service.</p>
<input type="text" id="token" name="token" placeholder="token">
<input type="hidden" name="fakeme" value="<?= $url ?>">
<input type="submit" value="Create URL">
<?php } ?>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment