A container registry that uses the AT Protocol for manifest storage and S3 for blob storage.
add back individual scopes
+9
-2
+9
-2
pkg/auth/oauth/client.go
+9
-2
pkg/auth/oauth/client.go
···
73
73
}
74
74
75
75
// GetDefaultScopes returns the default OAuth scopes for ATCR registry operations.
76
-
// Uses io.atcr.permissions#registry permission-set to bundle repo and rpc scopes.
76
+
// Includes io.atcr.authFullApp permission-set plus individual scopes for PDS compatibility.
77
77
// Blob scopes are listed explicitly (not supported in Lexicon permission-sets).
78
78
func GetDefaultScopes(did string) []string {
79
79
return []string{
80
80
"atproto",
81
-
// Permission-set bundles repo and rpc scopes
81
+
// Permission-set (for future PDS support)
82
82
// See lexicons/io/atcr/authFullApp.json for definition
83
83
"io.atcr.authFullApp",
84
+
// Individual repo/rpc scopes (for current PDS compatibility)
85
+
fmt.Sprintf("repo:%s", atproto.ManifestCollection),
86
+
fmt.Sprintf("repo:%s", atproto.TagCollection),
87
+
fmt.Sprintf("repo:%s", atproto.StarCollection),
88
+
fmt.Sprintf("repo:%s", atproto.SailorProfileCollection),
89
+
fmt.Sprintf("repo:%s", atproto.RepoPageCollection),
90
+
"rpc:com.atproto.repo.getRecord?aud=*",
84
91
// Blob scopes (not supported in Lexicon permission-sets)
85
92
// Image manifest types (single-arch)
86
93
"blob:application/vnd.oci.image.manifest.v1+json",