CLI app for developers prototyping atproto functionality
1# OAuth Client Test — Reachability Workflows
2
3The `test oauth client interactive` subcommand supports two reachability workflows for connecting a client to the development environment's fake authorization server.
4
5## Same-Host Client (Default)
6
7When the client and `atproto-devtool` run on the same machine:
8
9```bash
10atproto-devtool test oauth client interactive
11```
12
13The fake AS binds to `http://127.0.0.1:<port>` (ephemeral port by default). Clients configure their AS discovery endpoint to point to this loopback address. This requires no external infrastructure and is fully deterministic.
14
15## Remote Client via Tunnel
16
17When the client runs on a different machine or network, establish a tunnel and advertise the public URL:
18
19```bash
20# Terminal 1: Start cloudflared tunnel (or ngrok, Tailscale Funnel, etc.)
21cloudflared tunnel --url http://127.0.0.1:8080
22
23# Terminal 2: Run test with public URL
24atproto-devtool test oauth client interactive --public-base-url https://my-tunnel.example.com
25```
26
27The fake AS listens on the specified `--port` (default 8080 for interactive mode) and advertises itself via the public base URL. Clients connecting from outside the loopback network discover and communicate with the AS through the tunnel.
28
29## Important Notes
30
31The fake AS speaks plaintext HTTP. TLS termination and certificate management are delegated to the tunnel endpoint (cloudflared, ngrok, etc.). `atproto-devtool` does not manage or generate TLS certificates.
32
33For deterministic test results across runs, use fixed ports and consistent tunnel URLs. The interactive flow is designed for development and conformance testing, not for production client validation.