The Wayback Machine - https://web.archive.org/web/20171026202415/https://www.oauth.com/oauth2-servers/indieauth/authorization/

IndieAuth Authorization Workflow

18.2

The basic flow for a user authorizing an application follows.

  • The user enters their personal URL in the sign-in form of the application.
  • Discovery: The application fetches the URL and finds the user’s authorization and token endpoints.
  • Authorization Request: The application directs the user’s browser to the authorization endpoint discovered, as a standard OAuth 2.0 Authorization Grant and requested scopes, along with the user’s URL entered in the first step.
  • Authentication/Approval: The user authenticates at their authorization endpoint, sees the requested scopes, and approves the request. The authorization server generates an authorization code and redirects back to the application’s redirect URL.
  • Token Exchange: The application makes a request to the token endpoint to exchange the authorization code for an access token. The token endpoint responds with an access token and the full URL of the user who authenticated.

You can read more about IndieAuth at indieauth.net.