Fixed multiple issues with the @atproto/oauth-client-node integration:
1. OAuth State Store:
- Changed from SQL WHERE queries to SurrealDB record IDs
- Use `oauth_state:⟨${key}⟩` pattern for direct lookups
- Fixes "Parse error: Unexpected token" issues
2. OAuth Session Store:
- Changed from SQL WHERE queries to SurrealDB record IDs
- Use `oauth_session:⟨${did}⟩` pattern for direct lookups
- Implement proper upsert logic with select + merge/create
3. OAuth Client Configuration:
- Use loopback pattern with metadata in client_id query params
- Format: `http://localhost/?redirect_uri=...&scope=atproto`
- Complies with ATproto OAuth localhost development mode
4. Auth Callback:
- Remove getProfile API call that requires additional scopes
- Use DID directly from session for user identification
- Simplify user creation in SurrealDB with record IDs
5. Login Page:
- Change from GET redirect to POST with JSON body
- Properly handle errors and display to user
The OAuth flow now works end-to-end:
- User enters handle → redirects to Bluesky OAuth
- User authorizes → callback exchanges code for tokens
- Session stored in SurrealDB → user redirected to /chat
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
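The loopback `client_id` described under item 3 above carries the redirect URIs and scope as query parameters, so anything that accepts such a `client_id` should validate it before trusting the redirect target. The following TypeScript is an added example, not code from this commit or from @atproto/oauth-client-node: it builds the `http://localhost/?redirect_uri=...&scope=atproto` form and parses it back with checks that, to my reading of the atproto OAuth spec, a loopback client must satisfy (plain `http:`, an IP-literal loopback host rather than the `localhost` hostname, no fragment, a scope that includes `atproto`). The function names and the port 3000 in the usage are assumptions of mine.

```typescript
// Added example (not the project's code): builder and validator for the
// atproto "loopback" client_id used in localhost development, i.e.
//   http://localhost/?redirect_uri=<uri>&scope=atproto
// Function names, the port 3000 in the sample and the rejection rules are
// my own reading of the atproto OAuth spec, not taken from the commit.

const ALLOWED_PARAMS = new Set(["redirect_uri", "scope"]);
// Redirect targets must be loopback IP literals; a "localhost" hostname is
// rejected because it can be pointed at a non-loopback address via /etc/hosts.
const LOOPBACK_HOSTS = new Set(["127.0.0.1", "[::1]"]);

export interface LoopbackClient {
  redirectUris: string[];
  scope: string;
}

export function assertLoopbackRedirect(uri: string): void {
  let u: URL;
  try {
    u = new URL(uri);
  } catch {
    throw new Error(`redirect_uri is not a URL: ${uri}`);
  }
  if (u.protocol !== "http:") throw new Error(`redirect_uri must use http: ${uri}`);
  if (!LOOPBACK_HOSTS.has(u.hostname)) throw new Error(`redirect_uri host is not loopback: ${uri}`);
  if (u.hash !== "") throw new Error(`redirect_uri must not carry a fragment: ${uri}`);
}

export function buildLoopbackClientId(redirectUris: string[], scope = "atproto"): string {
  if (redirectUris.length === 0) throw new Error("at least one redirect_uri is required");
  const params = new URLSearchParams();
  for (const uri of redirectUris) {
    assertLoopbackRedirect(uri);
    params.append("redirect_uri", uri); // repeated key for multiple URIs
  }
  params.set("scope", scope);
  return `http://localhost/?${params.toString()}`;
}

export function parseLoopbackClientId(clientId: string): LoopbackClient {
  const u = new URL(clientId);
  if (u.protocol !== "http:" || u.hostname !== "localhost" || u.port !== "" || u.pathname !== "/") {
    throw new Error("client_id is not the loopback form http://localhost/");
  }
  for (const key of Array.from(u.searchParams.keys())) {
    if (!ALLOWED_PARAMS.has(key)) throw new Error(`unexpected client_id parameter: ${key}`);
  }
  const redirectUris = u.searchParams.getAll("redirect_uri");
  if (redirectUris.length === 0) throw new Error("client_id has no redirect_uri");
  redirectUris.forEach(assertLoopbackRedirect);
  // The spec defaults the scope to "atproto" when the parameter is absent.
  const scope = u.searchParams.get("scope") ?? "atproto";
  if (!scope.split(" ").includes("atproto")) throw new Error("scope must include 'atproto'");
  return { redirectUris, scope };
}

// The redirect_uri presented in an authorization request must equal one of
// the registered URIs exactly: no prefix, host-only or case-folded matching.
export function isRegisteredRedirect(client: LoopbackClient, candidate: string): boolean {
  return client.redirectUris.includes(candidate);
}

// Sample usage with a constructed callback URL on port 3000.
const sampleClientId = buildLoopbackClientId(["http://127.0.0.1:3000/api/auth/callback"]);
console.log(sampleClientId);
console.log(parseLoopbackClientId(sampleClientId));
```

The exact-match rule in `isRegisteredRedirect` is the one that matters operationally: a prefix or host-only comparison would let an attacker-supplied `redirect_uri` on the same host receive the authorization code.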
Replace manual OAuth implementation with official @atproto/oauth-client-node library to properly support DPoP (Demonstrating Proof of Possession) authentication.
Changes:
- Added @atproto/oauth-client-node dependency
- Created OAuth state store (SurrealDB-backed) for CSRF protection
- Created OAuth session store (SurrealDB-backed) for token persistence
- Created OAuth client singleton with localhost exception for development
- Rewrote /api/auth/login to use client.authorize()
- Rewrote /api/auth/callback to use client.callback() with DPoP
- Updated lib/auth/session.ts with getAuthenticatedAgent() for ATproto API calls
- Updated db/schema.surql with oauth_state and oauth_session tables
- Added scripts/apply-schema.js for database schema management
- Created plans/oauth-dpop-implementation.md with detailed implementation plan
- Removed legacy lib/auth/atproto.ts and lib/auth/oauth-state.ts
- Updated .env to use localhost exception (removed BLUESKY_CLIENT_ID)
The OAuth client now handles:
- PKCE code generation and verification
- DPoP proof generation and signing
- Automatic token refresh
- Session persistence across server restarts
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
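The commit above says the library now handles PKCE code generation and verification. As an added illustration of what that step computes (not the library's own code, and not something the application needs to write itself when using @atproto/oauth-client-node), here is the RFC 7636 S256 flow in TypeScript: a random `code_verifier`, the `code_challenge` derived from it, and the constant-time check the server side performs at the token endpoint. Function names are my own; the test vector is the one published in RFC 7636 Appendix B.

```typescript
// Added example (not the project's or the library's code): PKCE S256 as
// specified in RFC 7636. Function names are assumptions of mine.
import { createHash, randomBytes, timingSafeEqual } from "node:crypto";

// RFC 7636 §4.1: 43..128 characters from the unreserved set.
const VERIFIER_RE = /^[A-Za-z0-9\-._~]{43,128}$/;

function base64url(buf: Buffer): string {
  // Manual base64url so the example does not depend on Node's "base64url" alias.
  return buf.toString("base64").replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

// 32 random bytes encode to exactly 43 base64url characters, the minimum length.
export function generateCodeVerifier(bytes = 32): string {
  return base64url(randomBytes(bytes));
}

// code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))
export function codeChallengeS256(verifier: string): string {
  if (!VERIFIER_RE.test(verifier)) throw new Error("code_verifier violates RFC 7636 §4.1");
  return base64url(createHash("sha256").update(verifier, "ascii").digest());
}

export interface PkcePair {
  verifier: string;   // kept client-side (here: in the OAuth state store)
  challenge: string;  // sent with the authorization request
  method: "S256";
}

export function newPkcePair(): PkcePair {
  const verifier = generateCodeVerifier();
  return { verifier, challenge: codeChallengeS256(verifier), method: "S256" };
}

// Token-endpoint side: recompute the challenge from the presented verifier and
// compare in constant time against the challenge stored with the auth request.
export function verifyCodeVerifier(verifier: string, expectedChallenge: string): boolean {
  if (!VERIFIER_RE.test(verifier)) return false;
  const actual = Buffer.from(codeChallengeS256(verifier));
  const expected = Buffer.from(expectedChallenge);
  return actual.length === expected.length && timingSafeEqual(actual, expected);
}

// Sample usage: one pair generated and checked.
const pair = newPkcePair();
console.log(pair.challenge, verifyCodeVerifier(pair.verifier, pair.challenge));
```

The verifier lives in the state store for the duration of the authorization round trip, which is why that store (item 2 in the earlier commit) must be keyed by the `state` value and the entry deleted on first use.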