oauth: store auth req scopes same way as auth session (array of strings)

+7 -8
+5 -6
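--- a/atproto/auth/oauth/oauth.go
+++ b/atproto/auth/oauth/oauth.go
@@ -312,7 +312,7 @@
 }
 
 // Low-level helper to send PAR request to auth server, which involves starting PKCE and DPoP.
-func (app *ClientApp) SendAuthRequest(ctx context.Context, authMeta *AuthServerMetadata, scope, loginHint string) (*AuthRequestData, error) {
+func (app *ClientApp) SendAuthRequest(ctx context.Context, authMeta *AuthServerMetadata, scopes []string, loginHint string) (*AuthRequestData, error) {
 
 	parURL := authMeta.PushedAuthorizationRequestEndpoint
 	state := secureRandomBase64(16)
@@ -326,7 +326,7 @@
 		ClientID: app.Config.ClientID,
 		State: state,
 		RedirectURI: app.Config.CallbackURL,
-		Scope: scope,
+		Scope: scopeStr(scopes),
 		ResponseType: "code",
 		CodeChallenge: codeChallenge,
 		CodeChallengeMethod: "S256",
@@ -360,7 +360,7 @@
 		return nil, err
 	}
 
-	slog.Debug("sending auth request", "scope", scope, "state", state, "redirectURI", app.Config.CallbackURL)
+	slog.Debug("sending auth request", "scopes", scopes, "state", state, "redirectURI", app.Config.CallbackURL)
 
 	var resp *http.Response
 	for range 2 {
@@ -414,7 +414,7 @@
 	parInfo := AuthRequestData{
 		State: state,
 		AuthServerURL: authMeta.Issuer,
-		Scope: scope,
+		Scopes: scopes,
 		PKCEVerifier: pkceVerifier,
 		RequestURI: parResp.RequestURI,
 		AuthServerTokenEndpoint: authMeta.TokenEndpoint,
@@ -554,8 +554,7 @@
 		return "", fmt.Errorf("fetching auth server metadata: %w", err)
 	}
 
-	scope := scopeStr(app.Config.Scopes)
-	info, err := app.SendAuthRequest(ctx, authserverMeta, scope, identifier)
+	info, err := app.SendAuthRequest(ctx, authserverMeta, app.Config.Scopes, identifier)
 	if err != nil {
 		return "", fmt.Errorf("auth request failed: %w", err)
 	}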
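Review bot: The `parInfo` literal stores the caller's slice as-is (`Scopes: scopes`), and the updated call in the last hunk passes `app.Config.Scopes` directly, so the returned AuthRequestData shares its backing array with the client config. An in-place edit of the record's scopes anywhere downstream would then also change what the client requests in later flows; storing a copy, `Scopes: slices.Clone(scopes),`, removes that coupling (this assumes `slices` is or can be imported in this file, which the hunks do not show). Separately, `scopeStr` is not visible here: if it joins on spaces, an element that is empty or contains whitespace would make the `scope` sent in the PAR differ from the list that is persisted, so a doc line on SendAuthRequest such as `// scopes must be non-empty tokens without whitespace` would help. SendAuthRequest's body continues outside these hunks.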
+2 -2
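--- a/atproto/auth/oauth/types.go
+++ b/atproto/auth/oauth/types.go
@@ -330,8 +330,8 @@
 	// If the flow started with an account identifier (DID or handle), it should be persisted, to verify against the initial token response.
 	AccountDID *syntax.DID `json:"account_did,omitempty"`
 
-	// OAuth scope string (space-separated list)
-	Scope string `json:"scope"`
+	// OAuth scope strings
+	Scopes []string `json:"scopes"`
 
 	// unique token in URI format, which will be used by the client in the auth flow redirect
 	RequestURI string `json:"request_uri"`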
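Review bot: The renamed tag `json:"scopes"` means any AuthRequestData persisted before this change, under the old `scope` key, will decode with `Scopes` nil and no error, because encoding/json ignores keys that match no field. If pending auth requests can outlive a deploy, whatever later reads the requested scopes for such a record would see an empty list, so it is worth either accepting the legacy key on read or stating the break in the field comment, e.g. `// OAuth scopes requested in the PAR, one per element (replaces the space-separated "scope" field; older stored records decode with nil Scopes)`. The struct definition starts and ends outside this hunk.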