
consistent DPoP capitalization

Following the Google Go style guide's rule on initialisms: https://google.github.io/styleguide/go/decisions#initialisms

+28 -28
+10 -10
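--- a/atproto/auth/oauth/oauth.go
+++ b/atproto/auth/oauth/oauth.go
@@ -162,7 +162,7 @@
 Scope: scopeStr(config.Scopes),
 ResponseTypes: []string{"code"},
 RedirectURIs: []string{config.CallbackURL},
-DpopBoundAccessTokens: true,
+DPoPBoundAccessTokens: true,
 TokenEndpointAuthMethod: "none",
 }
 if config.IsConfidential() {
@@ -202,11 +202,11 @@
 }
 
 // TODO: refactor this in to ClientAuthStore layer?
-priv, err := crypto.ParsePrivateMultibase(sd.DpopPrivateKeyMultibase)
+priv, err := crypto.ParsePrivateMultibase(sd.DPoPPrivateKeyMultibase)
 if err != nil {
 return nil, err
 }
-sess.DpopPrivateKey = priv
+sess.DPoPPrivateKey = priv
 return &sess, nil
 }
 
@@ -409,8 +409,8 @@
 Scope: scope,
 PKCEVerifier: pkceVerifier,
 RequestURI: parResp.RequestURI,
-DpopAuthServerNonce: dpopServerNonce,
-DpopPrivateKeyMultibase: dpopPrivKey.Multibase(),
+DPoPAuthServerNonce: dpopServerNonce,
+DPoPPrivateKeyMultibase: dpopPrivKey.Multibase(),
 }
 
 return &parInfo, nil
@@ -441,7 +441,7 @@
 body.ClientAssertion = &clientAssertion
 }
 
-dpopPrivKey, err := crypto.ParsePrivateMultibase(info.DpopPrivateKeyMultibase)
+dpopPrivKey, err := crypto.ParsePrivateMultibase(info.DPoPPrivateKeyMultibase)
 if err != nil {
 return nil, err
 }
@@ -452,7 +452,7 @@
 }
 bodyBytes := []byte(vals.Encode())
 
-dpopServerNonce := info.DpopAuthServerNonce
+dpopServerNonce := info.DPoPAuthServerNonce
 
 var resp *http.Response
 for range 2 {
@@ -638,9 +638,9 @@
 AuthServerURL: info.AuthServerURL,
 AccessToken: tokenResp.AccessToken,
 RefreshToken: tokenResp.RefreshToken,
-DpopAuthServerNonce: info.DpopAuthServerNonce,
-DpopHostNonce: info.DpopAuthServerNonce, // bootstrap host nonce from authserver
-DpopPrivateKeyMultibase: info.DpopPrivateKeyMultibase,
+DPoPAuthServerNonce: info.DPoPAuthServerNonce,
+DPoPHostNonce: info.DPoPAuthServerNonce, // bootstrap host nonce from authserver
+DPoPPrivateKeyMultibase: info.DPoPPrivateKeyMultibase,
 }
 if err := app.Store.SaveSession(ctx, sessData); err != nil {
 return nil, err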
+14 -14
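--- a/atproto/auth/oauth/session.go
+++ b/atproto/auth/oauth/session.go
@@ -46,13 +46,13 @@
 RefreshToken string `json:"refresh_token"`
 
 // Current auth server DPoP nonce
-DpopAuthServerNonce string `json:"dpop_authserver_nonce"`
+DPoPAuthServerNonce string `json:"dpop_authserver_nonce"`
 
 // Current host ("resource server", eg PDS) DPoP nonce
-DpopHostNonce string `json:"dpop_host_nonce"`
+DPoPHostNonce string `json:"dpop_host_nonce"`
 
 // The secret cryptographic key generated by the client for this specific OAuth session
-DpopPrivateKeyMultibase string `json:"dpop_privatekey_multibase"`
+DPoPPrivateKeyMultibase string `json:"dpop_privatekey_multibase"`
 
 // TODO: also persist access token creation time / expiration time? In context that token might not be an easily parsed JWT
 }
@@ -63,7 +63,7 @@
 
 Config *ClientConfig
 Data *ClientSessionData
-DpopPrivateKey crypto.PrivateKey
+DPoPPrivateKey crypto.PrivateKey
 
 PersistSessionCallback PersistSessionCallback
 
@@ -102,7 +102,7 @@
 
 var resp *http.Response
 for range 2 {
-dpopJWT, err := NewAuthDPoP("POST", sess.Data.AuthServerTokenEndpoint, sess.Data.DpopAuthServerNonce, sess.DpopPrivateKey)
+dpopJWT, err := NewAuthDPoP("POST", sess.Data.AuthServerTokenEndpoint, sess.Data.DPoPAuthServerNonce, sess.DPoPPrivateKey)
 if err != nil {
 return "", err
 }
@@ -121,8 +121,8 @@
 
 // always check if a new DPoP nonce was provided, and proactively update session data (even if there was not an explicit error)
 dpopNonceHdr := resp.Header.Get("DPoP-Nonce")
-if dpopNonceHdr != "" && dpopNonceHdr != sess.Data.DpopAuthServerNonce {
-sess.Data.DpopAuthServerNonce = dpopNonceHdr
+if dpopNonceHdr != "" && dpopNonceHdr != sess.Data.DPoPAuthServerNonce {
+sess.Data.DPoPAuthServerNonce = dpopNonceHdr
 }
 
 // check for an error condition caused by an out of date DPoP nonce
@@ -183,17 +183,17 @@
 ExpiresAt: jwt.NewNumericDate(time.Now().Add(JWT_EXPIRATION_DURATION)),
 },
 }
-if sess.Data.DpopHostNonce != "" {
-claims.Nonce = &sess.Data.DpopHostNonce
+if sess.Data.DPoPHostNonce != "" {
+claims.Nonce = &sess.Data.DPoPHostNonce
 }
 
-keyMethod, err := keySigningMethod(sess.DpopPrivateKey)
+keyMethod, err := keySigningMethod(sess.DPoPPrivateKey)
 if err != nil {
 return "", err
 }
 
 // TODO: store a copy of this JWK on the ClientSession as a private field, for efficiency
-pub, err := sess.DpopPrivateKey.PublicKey()
+pub, err := sess.DPoPPrivateKey.PublicKey()
 if err != nil {
 return "", err
 }
@@ -205,7 +205,7 @@
 token := jwt.NewWithClaims(keyMethod, claims)
 token.Header["typ"] = "dpop+jwt"
 token.Header["jwk"] = pubJWK
-return token.SignedString(sess.DpopPrivateKey)
+return token.SignedString(sess.DPoPPrivateKey)
 }
 
 // copy a request URL and strip query params and fragment, for DPoP
@@ -237,14 +237,14 @@
 sess.lk.RLock()
 defer sess.lk.RUnlock()
 
-return sess.Data.AccessToken, sess.Data.DpopHostNonce
+return sess.Data.AccessToken, sess.Data.DPoPHostNonce
 }
 
 func (sess *ClientSession) UpdateHostDPoPNonce(ctx context.Context, nonce string) {
 sess.lk.Lock()
 defer sess.lk.Unlock()
 
-sess.Data.DpopHostNonce = nonce
+sess.Data.DPoPHostNonce = nonce
 
 if sess.PersistSessionCallback != nil {
 sess.PersistSessionCallback(ctx, sess.Data)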
+4 -4
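--- a/atproto/auth/oauth/types.go
+++ b/atproto/auth/oauth/types.go
@@ -56,7 +56,7 @@
 TokenEndpointAuthSigningAlg *string `json:"token_endpoint_auth_signing_alg,omitempty"`
 
 // DPoP is mandatory for all clients, so this must be present and true
-DpopBoundAccessTokens bool `json:"dpop_bound_access_tokens"`
+DPoPBoundAccessTokens bool `json:"dpop_bound_access_tokens"`
 
 // confidential clients must supply at least one public key in JWK format for use with JWT client authentication. Either this field or the `jwks_uri` field must be provided for confidential clients, but not both.
 JWKS *JWKS `json:"jwks,omitempty"`
@@ -138,7 +138,7 @@
 return fmt.Errorf("%w: token_endpoint_auth_signing_alg must not be 'none'", ErrInvalidClientMetadata)
 }
 
-if !m.DpopBoundAccessTokens {
+if !m.DPoPBoundAccessTokens {
 return fmt.Errorf("%w: dpop_bound_access_tokens must be true (DPoP is required)", ErrInvalidClientMetadata)
 }
 
@@ -340,10 +340,10 @@
 PKCEVerifier string `json:"pkce_verifier"`
 
 // Server-provided DPoP nonce from auth request (PAR)
-DpopAuthServerNonce string `json:"dpop_authserver_nonce"`
+DPoPAuthServerNonce string `json:"dpop_authserver_nonce"`
 
 // The secret cryptographic key generated by the client for this specific OAuth session
-DpopPrivateKeyMultibase string `json:"dpop_privatekey_multibase"`
+DPoPPrivateKeyMultibase string `json:"dpop_privatekey_multibase"`
 }
 
 // The fields which are included in an initial token refresh request. These HTTP POST bodies are form-encoded, so use URL encoding syntax, not JSON.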