A container registry that uses the AT Protocol for manifest storage and S3 for blob storage.

more oauth fixes for hold service

+21 -11
+1 -5
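--- a/cmd/hold/main.go
+++ b/cmd/hold/main.go
@@ -1072,15 +1072,11 @@
 // Run interactive OAuth flow with persistent server
 ctx := context.Background()
 
-// Note: holdScopes are ignored for now as indigo uses default scopes
-// TODO: Enhance indigo App to support custom scopes if needed
-_ = holdScopes
-
 result, err := oauth.InteractiveFlowWithCallback(
 ctx,
 baseURL,
 handle,
-nil, // scopes (not used - indigo uses defaults)
+holdScopes, // Pass hold-specific scopes
 func(handler http.HandlerFunc) error {
 // Register callback on existing server (persistent server pattern)
 http.HandleFunc("/auth/oauth/callback", handler)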
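Review bot: The trailing comment on the new argument, `holdScopes, // Pass hold-specific scopes`, does not tell a reader what the hold's token will be allowed to do, and from this commit on that slice is what the authorization request carries instead of the defaults. holdScopes is defined outside the hunk, so it is worth confirming there that it lists only the permissions the hold service needs. I would reword the comment to `// requested as given; a nil slice falls back to the default scopes`, which matches the nil check added in pkg/auth/oauth/interactive.go.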
+13 -4
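--- a/pkg/auth/oauth/client.go
+++ b/pkg/auth/oauth/client.go
@@ -19,9 +19,14 @@
 directory identity.Directory
 }
 
-// NewApp creates a new OAuth app for ATCR
+// NewApp creates a new OAuth app for ATCR with default scopes
 func NewApp(baseURL string, store oauth.ClientAuthStore) (*App, error) {
-config := NewClientConfig(baseURL)
+return NewAppWithScopes(baseURL, store, GetDefaultScopes())
+}
+
+// NewAppWithScopes creates a new OAuth app for ATCR with custom scopes
+func NewAppWithScopes(baseURL string, store oauth.ClientAuthStore, scopes []string) (*App, error) {
+config := NewClientConfigWithScopes(baseURL, scopes)
 clientApp := oauth.NewClientApp(&config, store)
 
 return &App{
@@ -33,9 +38,13 @@
 
 // NewClientConfig creates an OAuth client configuration for ATCR
 func NewClientConfig(baseURL string) oauth.ClientConfig {
-clientID := ClientID(baseURL)
+return NewClientConfigWithScopes(baseURL, GetDefaultScopes())
+}
+
+// NewClientConfigWithScopes creates an OAuth client configuration with custom scopes
+func NewClientConfigWithScopes(baseURL string, scopes []string) oauth.ClientConfig {
+clientID := ClientIDWithScopes(baseURL, scopes)
 redirectURI := RedirectURI(baseURL)
-scopes := GetDefaultScopes()
 
 // Check if this is localhost (public client) or production (confidential client)
 if strings.Contains(baseURL, "127.0.0.1") || strings.Contains(baseURL, "localhost") {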
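Review bot: The public-versus-confidential client decision inside the new exported NewClientConfigWithScopes is a substring test on the whole URL, `strings.Contains(baseURL, "localhost")`, so any base URL that merely contains that text (a constructed example: `https://localhost.example.org`) would be handled as a localhost client. The line is unchanged context rather than something this commit adds, but the function is now a second public entry point, which makes it a good moment to parse the URL and compare the host exactly, e.g. `host := u.Hostname(); if host == "127.0.0.1" || host == "localhost" {` after `u, err := url.Parse(baseURL)`. What each branch configures lies outside the hunk, so the impact needs checking against the rest of the function.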
+7 -2
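--- a/pkg/auth/oauth/interactive.go
+++ b/pkg/auth/oauth/interactive.go
@@ -32,8 +32,13 @@
 return nil, fmt.Errorf("failed to create OAuth store: %w", err)
 }
 
-// Create OAuth app
-app, err := NewApp(baseURL, store)
+// Create OAuth app with custom scopes (or defaults if nil)
+var app *App
+if scopes != nil {
+app, err = NewAppWithScopes(baseURL, store, scopes)
+} else {
+app, err = NewApp(baseURL, store)
+}
 if err != nil {
 return nil, fmt.Errorf("failed to create OAuth app: %w", err)
 }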
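Review bot: The new `if scopes != nil` test lets an empty but non-nil slice through to NewAppWithScopes, which presumably builds a client that requests no scopes at all, while a nil slice gets the defaults. Treating both cases the same is safer and shorter: `if len(scopes) == 0 { scopes = GetDefaultScopes() }` followed by `app, err := NewAppWithScopes(baseURL, store, scopes)`. The same guard could sit in NewClientConfigWithScopes in client.go so that direct callers of the new constructors get it too. The enclosing function starts and ends outside the hunk.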