tijs.org / oauth-client-deno
A Deno-compatible AT Protocol OAuth client that serves as a drop-in replacement for @atproto/oauth-client-node
0
fork

Configure Feed

Select the types of activity you want to include in your feed.

Fix DPoP key import by cleaning JWK of conflicting key_ops fields

The jose library's exportJWK function adds key_ops fields that can conflict
with Web Crypto API's strict key usage validation. This fix creates a clean
JWK containing only the essential fields before import.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

Tijs Teulings 30df5b9a 1b950dec

+33 -2
+22
CHANGELOG.md
··· 5 5 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), 6 6 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). 7 7 8 + ## [1.0.4] - 2025-09-07 9 + 10 + ### Fixed 11 + 12 + - **DPoP Key Import Issue**: Fixed "Invalid key usage" error by cleaning JWK before import to remove conflicting key_ops fields that may be added by the jose library's exportJWK function 13 + - Improved compatibility with Web Crypto API strict key usage validation 14 + 15 + ## [1.0.3] - 2025-09-07 16 + 17 + ### Fixed 18 + 19 + - **DPoP Key Generation/Import Alignment**: Fixed key usage flags mismatch between generation and import operations 20 + - Updated import function to use `["sign", "verify"]` to match generation flags 21 + - Added complete session data storage support for hono-oauth-sessions integration 22 + 23 + ## [1.0.2] - 2025-09-07 24 + 25 + ### Fixed 26 + 27 + - **Interface Compatibility**: Added `toJSON()` method to `OAuthSession` interface for hono-oauth-sessions compatibility 28 + - Enhanced session serialization support for complete OAuth data persistence 29 + 8 30 ## [1.0.1] - 2025-09-05 9 31 10 32 ### Added
+1 -1
deno.json
··· 1 1 { 2 2 "name": "@tijs/oauth-client-deno", 3 - "version": "1.0.3", 3 + "version": "1.0.4", 4 4 "description": "AT Protocol OAuth client for Deno - handle-focused alternative to @atproto/oauth-client-node with Web Crypto API compatibility", 5 5 "license": "MIT", 6 6 "repository": {
+10 -1
src/dpop.ts
··· 99 99 privateKeyJWK: JsonWebKey, 100 100 ): Promise<CryptoKey> { 101 101 try { 102 + // Clean JWK to remove any conflicting key_ops that might have been added by exportJWK 103 + const cleanJWK: JsonWebKey = { 104 + kty: privateKeyJWK.kty!, 105 + crv: privateKeyJWK.crv!, 106 + x: privateKeyJWK.x!, 107 + y: privateKeyJWK.y!, 108 + d: privateKeyJWK.d!, 109 + }; 110 + 102 111 return await crypto.subtle.importKey( 103 112 "jwk", 104 - privateKeyJWK, 113 + cleanJWK, 105 114 { 106 115 name: "ECDSA", 107 116 namedCurve: "P-256",