OAuth client SDK #1100

bnewbold · 2025-06-16T20:39:54Z

Design goals:

specific to atproto OAuth (not a general-purpose OAuth framework)
implementation is correct and interoperable with atproto specification
reasonably complete and flexible, though may make some opinionated implementation decisions to avoid footguns
compatible with client SDK (aka, implement AuthMethod)
oriented towards server-side (eg, BFF and integrations)
supports "just authn" use-cases

Progress:

basic confidential client demo web interface
public client mode
localhost dev client mode
refactor core types and method attachments (eg, a session-agnositc OAuthClient struct with http.Client)
persist token callback (wired to ClientApp)
make PAR DPoP retries more specific (parse error response)
fix DID/handle display in demo app
ability to embed JWKs in client metadata directly (blocked on needing key_ops?)
resolve XXX and TODO

bnewbold force-pushed the bnewbold/sdk-oauth branch from 12ebce6 to fd0a7a4 Compare July 2, 2025 04:13

bnewbold added 11 commits July 7, 2025 17:07

parital progress on OAuth client

4b3f4b8

deps: security cookie sessions, and struct form encoding

28170c2

initial OAuth implementation (needs work)

807d548

move OAuth code to separate sub-package

62da7d4

refactor out metadata resolution helps

69f8aaf

progress refactoring session/data structs

a5fce9e

add more resolver tests

a08e2b9

use APIClient interface

9dd467f

remove some dead code

86cfcde

fill in more OAuth verification code

753d933

partial progress

22125f1

bnewbold force-pushed the bnewbold/sdk-oauth branch from fd0a7a4 to 22125f1 Compare July 8, 2025 06:18

bnewbold added 5 commits July 9, 2025 23:14

refactor in progress

b2db6cd

more refactor progress

856fead

move and rename oauth demo code

de6c43f

public client support

5bb7627

public client, localhost dev client, and host URL flows

c3e99ac

Provide feedback