feat: Make OAuth configuration environment-aware via NEXT_PUBLIC_APP_URL

- Convert client-metadata.json to dynamic API route reading from env vars - Remove BLUESKY_CLIENT_ID and BLUESKY_REDIRECT_URI env vars - All OAuth URLs now derived from NEXT_PUBLIC_APP_URL - Implement production OAuth client (removes TODO/placeholder) - Update .prod.env with production settings for www.ponderants.com - Use https:// for production URLs - Simplify environment configuration (single source of truth) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-09 15:08:04 +00:00
parent 95eeef0deb
commit 5247c142a4
4 changed files with 66 additions and 37 deletions
--- a/app/client-metadata.json/route.ts
+++ b/app/client-metadata.json/route.ts
@@ -0,0 +1,34 @@
+import { NextResponse } from 'next/server';
+
+/**
+ * ATproto OAuth Client Metadata Endpoint
+ *
+ * This endpoint serves the OAuth client metadata required for ATproto authentication.
+ * The client_id must match the URL where this metadata is served.
+ *
+ * @see https://atproto.com/specs/oauth
+ */
+export async function GET() {
+  const appUrl = process.env.NEXT_PUBLIC_APP_URL || 'http://localhost:3000';
+
+  const metadata = {
+    client_id: `${appUrl}/client-metadata.json`,
+    client_name: 'Ponderants',
+    client_uri: appUrl,
+    logo_uri: `${appUrl}/logo.svg`,
+    redirect_uris: [`${appUrl}/api/auth/callback`],
+    scope: 'atproto transition:generic',
+    grant_types: ['authorization_code', 'refresh_token'],
+    response_types: ['code'],
+    token_endpoint_auth_method: 'none',
+    application_type: 'web',
+    dpop_bound_access_tokens: true,
+  };
+
+  return NextResponse.json(metadata, {
+    headers: {
+      'Content-Type': 'application/json',
+      'Cache-Control': 'public, max-age=3600', // Cache for 1 hour
+    },
+  });
+}