An easy-to-host PDS on the ATProtocol, iPhone and MacOS. Maintain control of your keys and data, always.

feat(identity-wallet): OAuth 2.0 PKCE + DPoP authentication (MM-149) #35

Summary:

  • Seeds identity-wallet as a registered OAuth client in the relay DB (V013 migration)
  • Implements the full OAuth PKCE + DPoP flow in the Rust backend: PAR, Safari redirect, deep-link callback, token exchange with nonce retry
  • Adds OAuthClient authenticated HTTP client with lazy token refresh and DPoP header attachment
  • Adds post-onboarding auth screens (SvelteKit) and startup token restoration from Keychain

Test Plan:

  • cargo test -p relay v013_seeds_identity_wallet_oauth_client passes
  • cargo test -p identity-wallet -- --skip device_key passes (device_key failures are pre-existing, unrelated to this PR)
  • cargo test -p identity-wallet oauth_client passes
  • Human test plan at docs/test-plans/2026-03-23-MM-149.md — covers fresh OAuth flow, token persistence across restart, auth failure recovery, and security verification
AT URI
at://did:web:malpercio.dev/sh.tangled.repo.pull/3mhvbzehodb22
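
The "token exchange with nonce retry" step from the summary, as an added example that is not code from this PR or from the identity-wallet crate: a bounded retry around the token request when the server answers `use_dpop_nonce` (RFC 9449, section 8). `TokenResponse`, `ExchangeError`, `exchange_with_nonce_retry` and the `send` callback are hypothetical names, and HTTP transport and DPoP proof signing are assumed to live inside `send`.

```rust
// Added example, not the identity-wallet code; all names are hypothetical.
// DPoP nonce retry at the token endpoint (RFC 9449, section 8).

/// The parts of a token endpoint response the retry logic needs.
#[derive(Clone, Debug, PartialEq)]
pub struct TokenResponse {
    pub status: u16,
    pub error: Option<String>,      // OAuth "error" field of the JSON body
    pub dpop_nonce: Option<String>, // DPoP-Nonce response header
}

#[derive(Debug, PartialEq)]
pub enum ExchangeError {
    Rejected(TokenResponse), // failure that a nonce cannot fix
    NonceLoop,               // server demanded a nonce again after the retry
}

/// Sends the token request, retrying at most once on 400 `use_dpop_nonce`.
/// `send` must sign a fresh DPoP proof (new `jti`, `iat`) on every call and
/// put the nonce it receives into the proof's `nonce` claim.
pub fn exchange_with_nonce_retry<F>(
    cached_nonce: &mut Option<String>,
    mut send: F,
) -> Result<TokenResponse, ExchangeError>
where
    F: FnMut(Option<&str>) -> TokenResponse,
{
    for attempt in 0..2 {
        let resp = send(cached_nonce.as_deref());
        // The server may rotate the nonce on any response; always record it.
        if let Some(n) = &resp.dpop_nonce {
            *cached_nonce = Some(n.clone());
        }
        if (200..300).contains(&resp.status) {
            return Ok(resp);
        }
        let wants_nonce =
            resp.status == 400 && resp.error.as_deref() == Some("use_dpop_nonce");
        if !wants_nonce || resp.dpop_nonce.is_none() {
            return Err(ExchangeError::Rejected(resp));
        }
        if attempt == 1 {
            return Err(ExchangeError::NonceLoop);
        }
    }
    unreachable!("the second iteration returns on every path")
}
```

Capping the loop at one retry keeps a misbehaving or hostile server from driving the client into an unbounded signing loop, and any other error (for example `invalid_grant`) is surfaced without a second attempt.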
Diff #0

No differences found between the selected revisions.

History

malpercio.dev submitted #0
patch application failed: error: No valid patches in input (allow with "--allow-empty")