ponderants/app
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
bada693e76b5d84239dbc2efbd1e9c15c235f46d
app/lib/auth/oauth-session-store.ts
Albert 0ec5adb246 fix: Complete OAuth DPoP implementation with working stores 
Fixed multiple issues with the @atproto/oauth-client-node integration:

1. OAuth State Store:
   - Changed from SQL WHERE queries to SurrealDB record IDs
   - Use `oauth_state:⟨${key}⟩` pattern for direct lookups
   - Fixes "Parse error: Unexpected token" issues

2. OAuth Session Store:
   - Changed from SQL WHERE queries to SurrealDB record IDs
   - Use `oauth_session:⟨${did}⟩` pattern for direct lookups
   - Implement proper upsert logic with select + merge/create

3. OAuth Client Configuration:
   - Use loopback pattern with metadata in client_id query params
   - Format: `http://localhost/?redirect_uri=...&scope=atproto`
   - Complies with ATproto OAuth localhost development mode

4. Auth Callback:
   - Remove getProfile API call that requires additional scopes
   - Use DID directly from session for user identification
   - Simplify user creation in SurrealDB with record IDs

5. Login Page:
   - Change from GET redirect to POST with JSON body
   - Properly handle errors and display to user

The OAuth flow now works end-to-end:
- User enters handle → redirects to Bluesky OAuth
- User authorizes → callback exchanges code for tokens
- Session stored in SurrealDB → user redirected to /chat

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-09 01:53:12 +00:00

98 lines
2.9 KiB
TypeScript
Raw Blame History

/**
* OAuth Session Store for @atproto/oauth-client-node
*
* Stores persistent OAuth sessions (access/refresh tokens, DPoP keys).
* Sessions are keyed by the user's DID.
*/
import Surreal from 'surrealdb';
import type { NodeSavedSessionStore, NodeSavedSession } from '@atproto/oauth-client-node';
/**
* Get a SurrealDB connection with root credentials.
* Used for OAuth session management.
*/
async function getDB(): Promise<Surreal> {
const db = new Surreal();
await db.connect(process.env.SURREALDB_URL!);
await db.signin({
username: process.env.SURREALDB_USER!,
password: process.env.SURREALDB_PASS!,
});
await db.use({
namespace: process.env.SURREALDB_NS!,
database: process.env.SURREALDB_DB!,
});
return db;
}
/**
* Create an OAuth session store backed by SurrealDB.
*
* The session store persists authenticated user sessions across
* server restarts. The @atproto/oauth-client-node library manages
* token refresh automatically, updating the store when tokens change.
*
* Sessions are indexed by DID (decentralized identifier).
*/
export function createSessionStore(): NodeSavedSessionStore {
return {
async set(did: string, sessionData: NodeSavedSession): Promise<void> {
const db = await getDB();
try {
// Use DID as the record ID for direct lookup
// Escape special characters in the DID for SurrealDB record ID
const recordId = `oauth_session:⟨${did}`;
// Upsert: update if exists, create if doesn't
const existing = await db.select<{ session_data: NodeSavedSession }>(recordId);
if (Array.isArray(existing) && existing.length > 0) {
// Update existing record
await db.merge(recordId, {
session_data: sessionData,
updated_at: new Date().toISOString(),
});
} else {
// Create new record
await db.create(recordId, {
did,
session_data: sessionData,
created_at: new Date().toISOString(),
updated_at: new Date().toISOString(),
});
}
} finally {
await db.close();
}
},
async get(did: string): Promise<NodeSavedSession | undefined> {
const db = await getDB();
try {
// Select directly by record ID
const result = await db.select<{ session_data: NodeSavedSession }>(`oauth_session:⟨${did}`);
// db.select() returns an array when selecting a specific record ID
const record = Array.isArray(result) ? result[0] : result;
return record?.session_data;
} finally {
await db.close();
}
},
async del(did: string): Promise<void> {
const db = await getDB();
try {
// Delete directly by record ID
await db.delete(`oauth_session:⟨${did}`);
} finally {
await db.close();
}
},
};
}
Reference in New Issue View Git Blame Copy Permalink