tijs.org / oauth-client-deno
A Deno-compatible AT Protocol OAuth client that serves as a drop-in replacement for @atproto/oauth-client-node
0
fork

Configure Feed

Select the types of activity you want to include in your feed.

Fix DPoP private key import usage flags

ECDSA private keys should only have "sign" capability, not "verify".
The "verify" operation is only valid for public keys. This fixes the
persistent "Invalid key usage" error in Web Crypto API.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

Tijs Teulings 5e054362 30df5b9a

+9 -2
+7
CHANGELOG.md
··· 5 5 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), 6 6 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). 7 7 8 + ## [1.0.5] - 2025-09-07 9 + 10 + ### Fixed 11 + 12 + - **DPoP Private Key Import**: Corrected key usage flags for private key import to use only `["sign"]` instead of `["sign", "verify"]`, matching Web Crypto API requirements for ECDSA private keys 13 + - Fixed persistent "Invalid key usage" error in DPoP authentication 14 + 8 15 ## [1.0.4] - 2025-09-07 9 16 10 17 ### Fixed
+1 -1
deno.json
··· 1 1 { 2 2 "name": "@tijs/oauth-client-deno", 3 - "version": "1.0.4", 3 + "version": "1.0.5", 4 4 "description": "AT Protocol OAuth client for Deno - handle-focused alternative to @atproto/oauth-client-node with Web Crypto API compatibility", 5 5 "license": "MIT", 6 6 "repository": {
+1 -1
src/dpop.ts
··· 116 116 namedCurve: "P-256", 117 117 }, 118 118 false, // not extractable 119 - ["sign", "verify"], 119 + ["sign"], 120 120 ); 121 121 } catch (error) { 122 122 throw new DPoPError("Failed to import private key from JWK", error as Error);