store scopes as part of client config

+22 -16
+4 -4
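--- a/atproto/auth/oauth/cmd/oauth-web-demo/main.go
+++ b/atproto/auth/oauth/cmd/oauth-web-demo/main.go
@@ -82,7 +82,7 @@
 
 func runServer(cctx *cli.Context) error {
 
-scope := "atproto transition:generic"
+scopes := []string{"transition:generic"}
 bind := ":8080"
 
 // TODO: localhost dev mode if hostname is empty
@@ -91,13 +91,14 @@
 if hostname == "" {
 config = oauth.NewLocalhostConfig(
 fmt.Sprintf("http://127.0.0.1%s/oauth/callback", bind),
-scope,
+scopes,
 )
 slog.Info("configuring localhost OAuth client", "CallbackURL", config.CallbackURL)
 } else {
 config = oauth.NewPublicConfig(
 fmt.Sprintf("https://%s/oauth/client-metadata.json", hostname),
 fmt.Sprintf("https://%s/oauth/callback", hostname),
+scopes,
 )
 }
 
@@ -158,8 +159,7 @@
 func (s *Server) ClientMetadata(w http.ResponseWriter, r *http.Request) {
 slog.Info("client metadata request", "url", r.URL, "host", r.Host)
 
-scope := "atproto transition:generic"
-meta := s.OAuth.Config.ClientMetadata(scope)
+meta := s.OAuth.Config.ClientMetadata()
 if s.OAuth.Config.IsConfidential() {
 meta.JWKSUri = strPtr(fmt.Sprintf("https://%s/oauth/jwks.json", r.Host))
 }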
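Review bot: In the ClientMetadata handler (new line 164) the `jwks_uri` is built from `r.Host`, which comes from the request, while the client_id and callback URL in runServer are built from the configured `hostname`. A metadata document whose key location follows whatever Host header arrived can disagree with the client_id, and behind a cache or proxy the wrong key set could end up advertised for a confidential client. I would build this URL from the configured hostname and, until then, add `// NOTE: r.Host is request-controlled; derive jwks_uri from the configured hostname` above the assignment. The handler body continues past the end of the hunk.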
+18 -12
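--- a/atproto/auth/oauth/oauth.go
+++ b/atproto/auth/oauth/oauth.go
@@ -33,6 +33,8 @@
 type ClientConfig struct {
 ClientID string
 CallbackURL string
+// set of scope strings; should not include "atproto"
+Scopes []string
 
 UserAgent string
 
@@ -58,26 +60,26 @@
 return app
 }
 
-func NewPublicConfig(clientID, callbackURL string) ClientConfig {
+func NewPublicConfig(clientID, callbackURL string, scopes []string) ClientConfig {
 c := ClientConfig{
 ClientID: clientID,
 CallbackURL: callbackURL,
 UserAgent: "indigo-sdk",
+Scopes: scopes,
 }
 return c
 }
 
-func NewLocalhostConfig(callbackURL, scope string) ClientConfig {
-slog.Info("NewLocalhostConfig", "callbackURL", callbackURL)
+func NewLocalhostConfig(callbackURL string, scopes []string) ClientConfig {
 params := make(url.Values)
 params.Set("redirect_uri", callbackURL)
-params.Set("scope", scope)
+params.Set("scope", scopeStr(scopes))
 c := ClientConfig{
 ClientID: fmt.Sprintf("http://localhost?%s", params.Encode()),
 CallbackURL: callbackURL,
 UserAgent: "indigo-sdk",
+Scopes: scopes,
 }
-slog.Info("DONE NewLocalhostConfig", "callbackURL", c.CallbackURL)
 return c
 }
 
@@ -116,18 +118,23 @@
 return jwks
 }
 
+// helper to turn a list of scope strings in to a single space-separated scope string
+func scopeStr(scopes []string) string {
+if len(scopes) == 0 {
+return "atproto"
+}
+return "atproto " + strings.Join(scopes, " ")
+}
+
 // Returns a ClientMetadata struct with the required fields populated based on this client configuration. Clients may want to populate additional metadata fields on top of this response.
 //
 // NOTE: confidential clients currently must provide JWKSUri after the fact
-func (config *ClientConfig) ClientMetadata(scope string) ClientMetadata {
-if scope == "" {
-scope = "atproto"
-}
+func (config *ClientConfig) ClientMetadata() ClientMetadata {
 m := ClientMetadata{
 ClientID: config.ClientID,
 ApplicationType: strPtr("web"),
 GrantTypes: []string{"authorization_code", "refresh_token"},
-Scope: scope,
+Scope: scopeStr(config.Scopes),
 ResponseTypes: []string{"code"},
 RedirectURIs: []string{config.CallbackURL},
 DpopBoundAccessTokens: true,
@@ -497,8 +504,7 @@
 return "", fmt.Errorf("fetching auth server metadata: %w", err)
 }
 
-// XXX: scope from config
-scope := "atproto transition:generic"
+scope := scopeStr(app.Config.Scopes)
 info, err := app.SendAuthRequest(ctx, authserverMeta, scope, username)
 if err != nil {
 return "", fmt.Errorf("auth request failed: %w", err)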
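Review bot: scopeStr (new lines 121-127) prepends "atproto" unconditionally, and the rule that Scopes "should not include" it is only a field comment, so a list that already contains it yields `atproto atproto …` in the localhost client_id, the client metadata and the authorization request alike. Because this string decides what the client asks to be granted, I would normalise it in one place, skipping empty entries and a literal "atproto" before joining. Separately, NewLocalhostConfig bakes the scope into ClientID at construction, while ClientMetadata() and the auth flow re-read config.Scopes later. Both constructors store the caller's slice without copying, so a later mutation would make the advertised and requested scopes disagree with the client_id; copying the slice on the way in avoids that.

```go
func scopeStr(scopes []string) string {
	parts := []string{"atproto"}
	for _, s := range scopes {
		// skip empty entries and a caller-supplied "atproto" so the token appears exactly once
		if s == "" || s == "atproto" {
			continue
		}
		parts = append(parts, s)
	}
	return strings.Join(parts, " ")
}
```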