socialde.pt / atp-client
Laravel AT Protocol Client (alpha & unstable)
3
fork

Configure Feed

Select the types of activity you want to include in your feed.

Update documentation for authType and renamed events

Miguel Batres e6835e1b 133caf1e

+34 -12
+34 -12
README.md
··· 163 163 Sessions automatically refresh when tokens are about to expire (default: 5 minutes before expiration). Listen to events if you need to persist refreshed tokens: 164 164 165 165 ```php 166 - use SocialDept\AtpClient\Events\OAuthTokenRefreshed; 166 + use SocialDept\AtpClient\Events\TokenRefreshed; 167 167 168 - Event::listen(OAuthTokenRefreshed::class, function ($event) { 169 - // $event->did - the user's DID (e.g., did:plc:abc123...) 168 + Event::listen(TokenRefreshed::class, function ($event) { 169 + // $event->session - the Session being refreshed 170 170 // $event->token - the new AccessToken 171 171 // Update your credential storage here 172 + 173 + // Check auth type if needed 174 + if ($event->session->isLegacy()) { 175 + // App password session 176 + } 172 177 }); 173 178 ``` 174 179 ··· 532 537 $table->text('refresh_token'); // Single-use refresh token 533 538 $table->timestamp('expires_at'); // Token expiration time 534 539 $table->json('scope')->nullable(); // Granted OAuth scopes 540 + $table->string('auth_type')->default('oauth'); // 'oauth' or 'legacy' 535 541 $table->timestamps(); 536 542 }); 537 543 ``` ··· 547 553 use SocialDept\AtpClient\Contracts\CredentialProvider; 548 554 use SocialDept\AtpClient\Data\AccessToken; 549 555 use SocialDept\AtpClient\Data\Credentials; 556 + use SocialDept\AtpClient\Enums\AuthType; 550 557 551 558 class DatabaseCredentialProvider implements CredentialProvider 552 559 { ··· 566 573 handle: $record->handle, 567 574 issuer: $record->issuer, 568 575 scope: $record->scope ?? [], 576 + authType: AuthType::from($record->auth_type), 569 577 ); 570 578 } 571 579 ··· 580 588 'refresh_token' => $token->refreshJwt, 581 589 'expires_at' => $token->expiresAt, 582 590 'scope' => $token->scope, 591 + 'auth_type' => $token->authType->value, 583 592 ] 584 593 ); 585 594 } ··· 593 602 'handle' => $token->handle, 594 603 'issuer' => $token->issuer, 595 604 'scope' => $token->scope, 605 + 'auth_type' => $token->authType->value, 596 606 ]); 597 607 } 598 608 ··· 622 632 'refresh_token', 623 633 'expires_at', 624 634 'scope', 635 + 'auth_type', 625 636 ]; 626 637 627 638 protected $casts = [ ··· 713 724 | `refreshToken` | Token to get new access tokens (single-use!) | 714 725 | `expiresAt` | When the access token expires | 715 726 | `scope` | Array of granted scopes (e.g., `['atproto', 'transition:generic']`) | 727 + | `authType` | Authentication method: `AuthType::OAuth` or `AuthType::Legacy` | 716 728 717 729 ### Handling Token Refresh Events 718 730 719 731 When tokens are automatically refreshed, you can listen for events: 720 732 721 733 ```php 722 - use SocialDept\AtpClient\Events\OAuthTokenRefreshed; 734 + use SocialDept\AtpClient\Events\TokenRefreshed; 723 735 724 736 // In EventServiceProvider or via Event::listen() 725 - Event::listen(OAuthTokenRefreshed::class, function (OAuthTokenRefreshed $event) { 737 + Event::listen(TokenRefreshed::class, function (TokenRefreshed $event) { 726 738 // The CredentialProvider.updateCredentials() is already called, 727 739 // but you can do additional logging or notifications here 728 740 Log::info("Token refreshed for: {$event->session->did()}"); 741 + 742 + // Check if this is a legacy (app password) session 743 + if ($event->session->isLegacy()) { 744 + // Handle legacy sessions differently if needed 745 + } 729 746 }); 730 747 ``` 731 748 ··· 768 785 }); 769 786 ``` 770 787 771 - ### OAuthTokenRefreshing / OAuthTokenRefreshed 788 + ### TokenRefreshing / TokenRefreshed 772 789 773 - Fired before and after automatic token refresh. Use `OAuthTokenRefreshing` to invalidate your stored refresh token before it's used (refresh tokens are single-use): 790 + Fired before and after automatic token refresh for both OAuth and legacy sessions. Use `TokenRefreshing` to invalidate your stored refresh token before it's used (refresh tokens are single-use): 774 791 775 792 ```php 776 - use SocialDept\AtpClient\Events\OAuthTokenRefreshing; 777 - use SocialDept\AtpClient\Events\OAuthTokenRefreshed; 793 + use SocialDept\AtpClient\Events\TokenRefreshing; 794 + use SocialDept\AtpClient\Events\TokenRefreshed; 778 795 779 796 // Before token refresh - invalidate old refresh token 780 - Event::listen(OAuthTokenRefreshing::class, function (OAuthTokenRefreshing $event) { 781 - // $event->session gives access to did(), handle(), etc. 797 + Event::listen(TokenRefreshing::class, function (TokenRefreshing $event) { 798 + // $event->session gives access to did(), handle(), authType(), isLegacy(), etc. 782 799 Log::info('Refreshing token for: ' . $event->session->did()); 783 800 }); 784 801 785 802 // After token refresh - new tokens available 786 - Event::listen(OAuthTokenRefreshed::class, function (OAuthTokenRefreshed $event) { 803 + Event::listen(TokenRefreshed::class, function (TokenRefreshed $event) { 787 804 // $event->session - the session being refreshed 788 805 // $event->token - the new AccessToken with fresh tokens 789 806 // CredentialProvider.updateCredentials() is already called automatically 790 807 Log::info('Token refreshed for: ' . $event->session->did()); 808 + 809 + // Check auth type if needed 810 + if ($event->session->isLegacy()) { 811 + // Legacy (app password) session 812 + } 791 813 }); 792 814 ``` 793 815