bas.sh / witchsky.app
forked from jollywhoppers.com/witchsky.app
Bluesky app fork with some witchin' additions 馃挮
0
fork

Configure Feed

Select the types of activity you want to include in your feed.

witchsky.app / src / state / session / oauth-web-client.ts
at main 78 lines 2.4 kB view raw
xan.lol fix(auth): use transition scopes so local dev works
6c026456
1import {BrowserOAuthClient} from '@atproto/oauth-client-browser' 2 3import {createIdentityResolver} from './identity-resolver' 4 5const OAUTH_BASE_URL: string = 6 process.env.EXPO_PUBLIC_OAUTH_BASE_URL || 'https://witchsky.app' 7 8const OAUTH_CLIENT_NAME: string = 9 process.env.EXPO_PUBLIC_OAUTH_CLIENT_NAME || 'Witchsky' 10 11const OAUTH_SCOPE = [ 12 'atproto', 13 'transition:generic', 14 'transition:email', 15 'transition:chat.bsky', 16].join(' ') 17 18function isLoopback() { 19 if (typeof window === 'undefined') return false 20 const host = window.location.hostname 21 return ( 22 host === 'localhost' || 23 host === '127.0.0.1' || 24 host === '[::1]' || 25 host === '::1' 26 ) 27} 28 29const BSKY_OAUTH_CLIENT = createWebOAuthClient() 30 31function createWebOAuthClient() { 32 if (isLoopback()) { 33 // Loopback client: encode scope and redirect_uri in the client_id URL. 34 // The authorization server uses hardcoded metadata for http://localhost 35 // client_ids. Without explicit scope, only "atproto" is granted, which 36 // lacks the transition scopes this client needs for appview and chat APIs. 37 const port = window.location.port ? `:${window.location.port}` : '' 38 const redirectUri = `http://127.0.0.1${port}/` 39 const clientId = 40 `http://localhost` + 41 `?redirect_uri=${encodeURIComponent(redirectUri)}` + 42 `&scope=${encodeURIComponent(OAUTH_SCOPE)}` 43 44 return new BrowserOAuthClient({ 45 clientMetadata: { 46 client_id: clientId, 47 redirect_uris: [redirectUri], 48 scope: OAUTH_SCOPE, 49 token_endpoint_auth_method: 'none', 50 response_types: ['code'], 51 grant_types: ['authorization_code', 'refresh_token'], 52 application_type: 'web', 53 dpop_bound_access_tokens: true, 54 }, 55 identityResolver: createIdentityResolver(), 56 }) 57 } 58 59 return new BrowserOAuthClient({ 60 clientMetadata: { 61 client_id: `${OAUTH_BASE_URL}/oauth-client-metadata.json`, 62 client_name: OAUTH_CLIENT_NAME, 63 client_uri: OAUTH_BASE_URL, 64 redirect_uris: [`${OAUTH_BASE_URL}/auth/web/callback`], 65 scope: OAUTH_SCOPE, 66 token_endpoint_auth_method: 'none', 67 response_types: ['code'], 68 grant_types: ['authorization_code', 'refresh_token'], 69 application_type: 'web', 70 dpop_bound_access_tokens: true, 71 }, 72 identityResolver: createIdentityResolver(), 73 }) 74} 75 76export function getWebOAuthClient() { 77 return BSKY_OAUTH_CLIENT 78}