···11----
22-'@atcute/xrpc-server': minor
33----
44-55-XRPC subscriptions support
-5
.changeset/breezy-candles-fold.md
···11----
22-'@atcute/xrpc-server': minor
33----
44-55-deprecate `router.add()` in favor of `.addQuery()` and `.addProcedure()` instead
-5
.changeset/cruel-bats-prove.md
···11----
22-'@atcute/lexicon-doc': patch
33----
44-55-throw if definition ID is invalid
-5
.changeset/eleven-rules-rhyme.md
···11----
22-'@atcute/xrpc-server': patch
33----
44-55-clean up Valita schemas
-22
.changeset/hungry-points-press.md
···11----
22-'@atcute/oauth-browser-client': major
33----
44-55-allow passing user-provided state during authorization
66-77-`createAuthorizationUrl` now takes in an optional `state` property
88-99-```ts
1010-const authUrl = await createAuthorizationUrl({
1111- // ...
1212- state: {
1313- // ...
1414- },
1515-});
1616-```
1717-1818-`finalizeAuthorization` now returns an object containing `session` and your provided `state`.
1919-2020-```ts
2121-const { session, state } = await finalizeAuthorization(params);
2222-```
-5
.changeset/loud-rice-sink.md
···11----
22-'@atcute/jetstream': patch
33----
44-55-clean up Valita schemas
-58
.changeset/puny-areas-warn.md
···11----
22-'@atcute/oauth-browser-client': major
33----
44-55-handle and DID document resolution are now externalized.
66-77-although we've provided a "guide" on how to do your own handle resolution, the client itself still
88-had to make its own resolution for post-authorization verification checks. this change finally makes
99-it possible for you to supply a resolver for the client to use, and you're required to provide them.
1010-1111-after upgrading, you would supply an `identityResolver` to `configureOAuth`. there is a built-in
1212-identity resolver implementation that takes in a handle and DID document resolver (which you can use
1313-`@atcute/identity-resolver` with.)
1414-1515-```ts
1616-import { configureOAuth, defaultIdentityResolver } from '@atcute/oauth-browser-client';
1717-1818-import {
1919- CompositeDidDocumentResolver,
2020- PlcDidDocumentResolver,
2121- WebDidDocumentResolver,
2222- XrpcHandleResolver,
2323-} from '@atcute/identity-resolver';
2424-2525-configureOAuth({
2626- // ... existing config
2727-2828- identityResolver: defaultIdentityResolver({
2929- // AT Protocol handles resolve via DNS TXT record or HTTP well-known endpoints.
3030- // since web apps lack direct DNS access and face CORS restrictions, we're using
3131- // Bluesky's AppView for this example.
3232- //
3333- // NOTE: Bluesky may log handle resolutions and requester info per their privacy
3434- // policy. consider the privacy implications of this arrangement and change this
3535- // setup if unsuitable for your use case.
3636- handleResolver: new XrpcHandleResolver({ serviceUrl: 'https://public.api.bsky.app' }),
3737-3838- didDocumentResolver: new CompositeDidDocumentResolver({
3939- methods: {
4040- plc: new PlcDidDocumentResolver(),
4141- web: new WebDidDocumentResolver(),
4242- },
4343- }),
4444- }),
4545-});
4646-```
4747-4848-`resolveFromIdentity` and `resolveFromService` has been removed as a result. instead, pass the
4949-target directly to `createAuthorizationUrl`.
5050-5151-```ts
5252-const authUrl = await createAuthorizationUrl({
5353- target: { type: 'account', identifier: 'mary.my.id' },
5454- // or { type: 'pds', serviceUrl: 'https://bsky.social' }
5555-5656- // ... existing options
5757-});
5858-```
-5
.changeset/quick-poets-fix.md
···11----
22-'@atcute/lexicon-doc': patch
33----
44-55-add JSON schema for lexicon schemas
-14
.changeset/ready-bears-heal.md
···11----
22-'@atcute/oauth-browser-client': minor
33----
44-55-allow customizing some parts of the authorization process
66-77-`createAuthorizationUrl` now takes in optional `prompt`, `display`, `locale` fields.
88-99-```ts
1010-const authUrl = createAuthorizationUrl({
1111- // ...
1212- display: 'popup',
1313-});
1414-```
-36
.changeset/swift-owls-sin.md
···11----
22-'@atcute/oauth-browser-client': minor
33----
44-55-add support for client assertions.
66-77-this adds an optional `fetchClientAssertion` callback to `configureOAuth` that lets you fetch client
88-assertions from your backend, allowing your client to be classified as a confidential client.
99-1010-```ts
1111-import { configureOAuth } from '@atcute/oauth-browser-client';
1212-1313-configureOAuth({
1414- // ... existing config
1515-1616- async fetchClientAssertion({ jkt, aud, createDpopProof }) {
1717- const dpop = await createDpopProof('https://example.com/api/client-assertion');
1818-1919- const response = await fetch('https://example.com/api/client-assertion', {
2020- method: 'POST',
2121- headers: {
2222- dpop: dpop,
2323- 'content-type': 'application/json',
2424- },
2525- body: JSON.stringify({ jkt, aud }),
2626- });
2727-2828- const data = await response.json();
2929-3030- return {
3131- client_assertion_type: 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer',
3232- client_assertion: data.assertion,
3333- };
3434- },
3535-});
3636-```
-5
.changeset/violet-experts-drum.md
···11----
22-'@atcute/lexicon-doc': patch
33----
44-55-clean up Valita schemas
-5
.changeset/whole-windows-spend.md
···11----
22-'@atcute/lex-cli': patch
33----
44-55-remove Valibot, consistently use Valita
+6
packages/clients/jetstream/CHANGELOG.md
···11# @atcute/jetstream
2233+## 1.1.2
44+55+### Patch Changes
66+77+- dc9fe6f: clean up Valita schemas
88+39## 1.1.1
410511### Patch Changes
+1-1
packages/clients/jetstream/package.json
···11{
22 "type": "module",
33 "name": "@atcute/jetstream",
44- "version": "1.1.1",
44+ "version": "1.1.2",
55 "description": "lightweight and cute Jetstream subscriber for AT Protocol",
66 "license": "0BSD",
77 "repository": {
···11# @atcute/oauth-browser-client
2233+## 2.0.0
44+55+### Major Changes
66+77+- bac1b0f: allow passing user-provided state during authorization
88+99+ `createAuthorizationUrl` now takes in an optional `state` property
1010+1111+ ```ts
1212+ const authUrl = await createAuthorizationUrl({
1313+ // ...
1414+ state: {
1515+ // ...
1616+ },
1717+ });
1818+ ```
1919+2020+ `finalizeAuthorization` now returns an object containing `session` and your provided `state`.
2121+2222+ ```ts
2323+ const { session, state } = await finalizeAuthorization(params);
2424+ ```
2525+2626+- bac1b0f: handle and DID document resolution are now externalized.
2727+2828+ although we've provided a "guide" on how to do your own handle resolution, the client itself still
2929+ had to make its own resolution for post-authorization verification checks. this change finally
3030+ makes it possible for you to supply a resolver for the client to use, and you're required to
3131+ provide them.
3232+3333+ after upgrading, you would supply an `identityResolver` to `configureOAuth`. there is a built-in
3434+ identity resolver implementation that takes in a handle and DID document resolver (which you can
3535+ use `@atcute/identity-resolver` with.)
3636+3737+ ```ts
3838+ import { configureOAuth, defaultIdentityResolver } from '@atcute/oauth-browser-client';
3939+4040+ import {
4141+ CompositeDidDocumentResolver,
4242+ PlcDidDocumentResolver,
4343+ WebDidDocumentResolver,
4444+ XrpcHandleResolver,
4545+ } from '@atcute/identity-resolver';
4646+4747+ configureOAuth({
4848+ // ... existing config
4949+5050+ identityResolver: defaultIdentityResolver({
5151+ // AT Protocol handles resolve via DNS TXT record or HTTP well-known endpoints.
5252+ // since web apps lack direct DNS access and face CORS restrictions, we're using
5353+ // Bluesky's AppView for this example.
5454+ //
5555+ // NOTE: Bluesky may log handle resolutions and requester info per their privacy
5656+ // policy. consider the privacy implications of this arrangement and change this
5757+ // setup if unsuitable for your use case.
5858+ handleResolver: new XrpcHandleResolver({ serviceUrl: 'https://public.api.bsky.app' }),
5959+6060+ didDocumentResolver: new CompositeDidDocumentResolver({
6161+ methods: {
6262+ plc: new PlcDidDocumentResolver(),
6363+ web: new WebDidDocumentResolver(),
6464+ },
6565+ }),
6666+ }),
6767+ });
6868+ ```
6969+7070+ `resolveFromIdentity` and `resolveFromService` has been removed as a result. instead, pass the
7171+ target directly to `createAuthorizationUrl`.
7272+7373+ ```ts
7474+ const authUrl = await createAuthorizationUrl({
7575+ target: { type: 'account', identifier: 'mary.my.id' },
7676+ // or { type: 'pds', serviceUrl: 'https://bsky.social' }
7777+7878+ // ... existing options
7979+ });
8080+ ```
8181+8282+### Minor Changes
8383+8484+- bac1b0f: allow customizing some parts of the authorization process
8585+8686+ `createAuthorizationUrl` now takes in optional `prompt`, `display`, `locale` fields.
8787+8888+ ```ts
8989+ const authUrl = createAuthorizationUrl({
9090+ // ...
9191+ display: 'popup',
9292+ });
9393+ ```
9494+9595+- 80b400e: add support for client assertions.
9696+9797+ this adds an optional `fetchClientAssertion` callback to `configureOAuth` that lets you fetch
9898+ client assertions from your backend, allowing your client to be classified as a confidential
9999+ client.
100100+101101+ ```ts
102102+ import { configureOAuth } from '@atcute/oauth-browser-client';
103103+104104+ configureOAuth({
105105+ // ... existing config
106106+107107+ async fetchClientAssertion({ jkt, aud, createDpopProof }) {
108108+ const dpop = await createDpopProof('https://example.com/api/client-assertion');
109109+110110+ const response = await fetch('https://example.com/api/client-assertion', {
111111+ method: 'POST',
112112+ headers: {
113113+ dpop: dpop,
114114+ 'content-type': 'application/json',
115115+ },
116116+ body: JSON.stringify({ jkt, aud }),
117117+ });
118118+119119+ const data = await response.json();
120120+121121+ return {
122122+ client_assertion_type: 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer',
123123+ client_assertion: data.assertion,
124124+ };
125125+ },
126126+ });
127127+ ```
128128+3129## 1.0.27
41305131### Patch Changes