str4d.xyz / atproto-devtool
CLI app for developers prototyping atproto functionality
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

atproto-devtool / docs / test-oauth-client-reachability.md
at main 1.7 kB view raw view code
Jack Grigg docs(oauth-client): README section, reachability doc, module CLAUDE.md
70265f8e

OAuth Client Test — Reachability Workflows#

The test oauth client interactive subcommand supports two reachability workflows for connecting a client to the development environment's fake authorization server.

Same-Host Client (Default)#

When the client and atproto-devtool run on the same machine:

atproto-devtool test oauth client interactive

The fake AS binds to http://127.0.0.1:<port> (ephemeral port by default). Clients configure their AS discovery endpoint to point to this loopback address. This requires no external infrastructure and is fully deterministic.

Remote Client via Tunnel#

When the client runs on a different machine or network, establish a tunnel and advertise the public URL:

# Terminal 1: Start cloudflared tunnel (or ngrok, Tailscale Funnel, etc.)
cloudflared tunnel --url http://127.0.0.1:8080

# Terminal 2: Run test with public URL
atproto-devtool test oauth client interactive --public-base-url https://my-tunnel.example.com

The fake AS listens on the specified --port (default 8080 for interactive mode) and advertises itself via the public base URL. Clients connecting from outside the loopback network discover and communicate with the AS through the tunnel.

Important Notes#

The fake AS speaks plaintext HTTP. TLS termination and certificate management are delegated to the tunnel endpoint (cloudflared, ngrok, etc.). atproto-devtool does not manage or generate TLS certificates.

For deterministic test results across runs, use fixed ports and consistent tunnel URLs. The interactive flow is designed for development and conformance testing, not for production client validation.