describe the oauth scope issue in a little more detail
scopes.md edited
scopes are defined here: https://tangled.org/tangled.org/core/blob/master/appview/oauth/scopes.go

they are passed into indigo here: https://tangled.org/tangled.org/core/blob/master/appview/oauth/oauth.go#L49

the client-metadata produced is like so:

```json
{
  "client_id": "http://localhost?redirect_uri=http%3A%2F%2F127.0.0.1%3A3000%2Foauth%2Fcallback&scope=atproto+repo%3Ash.tangled.publicKey+repo%3Ash.tangled.repo+repo%3Ash.tangled.repo.pull+repo%3Ash.tangled.repo.pull.comment+repo%3Ash.tangled.repo.artifact+repo%3Ash.tangled.repo.issue+repo%3Ash.tangled.repo.issue.comment+repo%3Ash.tangled.repo.collaborator+repo%3Ash.tangled.knot+repo%3Ash.tangled.knot.member+repo%3Ash.tangled.spindle+repo%3Ash.tangled.spindle.member+repo%3Ash.tangled.graph.follow+repo%3Ash.tangled.feed.star+repo%3Ash.tangled.feed.reaction+repo%3Ash.tangled.label.definition+repo%3Ash.tangled.label.op+repo%3Ash.tangled.string+repo%3Ash.tangled.actor.profile+blob%3A%2A%2F%2A+rpc%3Ash.tangled.repo.create%3Faud%3D%2A+rpc%3Ash.tangled.repo.delete%3Faud%3D%2A+rpc%3Ash.tangled.repo.merge%3Faud%3D%2A+rpc%3Ash.tangled.repo.hiddenRef%3Faud%3D%2A+rpc%3Ash.tangled.repo.deleteBranch%3Faud%3D%2A+rpc%3Ash.tangled.repo.setDefaultBranch%3Faud%3D%2A+rpc%3Ash.tangled.repo.forkSync%3Faud%3D%2A+rpc%3Ash.tangled.repo.forkStatus%3Faud%3D%2A+rpc%3Ash.tangled.repo.mergeCheck%3Faud%3D%2A+rpc%3Ash.tangled.pipeline.cancelPipeline%3Faud%3D%2A+rpc%3Ash.tangled.repo.addSecret%3Faud%3D%2A+rpc%3Ash.tangled.repo.removeSecret%3Faud%3D%2A+rpc%3Ash.tangled.repo.listSecrets%3Faud%3D%2A",
  "application_type": "web",
  "grant_types": [
    "authorization_code",
    "refresh_token"
  ],
  "scope": "atproto repo:sh.tangled.publicKey repo:sh.tangled.repo repo:sh.tangled.repo.pull repo:sh.tangled.repo.pull.comment repo:sh.tangled.repo.artifact repo:sh.tangled.repo.issue repo:sh.tangled.repo.issue.comment repo:sh.tangled.repo.collaborator repo:sh.tangled.knot repo:sh.tangled.knot.member repo:sh.tangled.spindle repo:sh.tangled.spindle.member repo:sh.tangled.graph.follow repo:sh.tangled.feed.star repo:sh.tangled.feed.reaction repo:sh.tangled.label.definition repo:sh.tangled.label.op repo:sh.tangled.string repo:sh.tangled.actor.profile blob:*/* rpc:sh.tangled.repo.create?aud=* rpc:sh.tangled.repo.delete?aud=* rpc:sh.tangled.repo.merge?aud=* rpc:sh.tangled.repo.hiddenRef?aud=* rpc:sh.tangled.repo.deleteBranch?aud=* rpc:sh.tangled.repo.setDefaultBranch?aud=* rpc:sh.tangled.repo.forkSync?aud=* rpc:sh.tangled.repo.forkStatus?aud=* rpc:sh.tangled.repo.mergeCheck?aud=* rpc:sh.tangled.pipeline.cancelPipeline?aud=* rpc:sh.tangled.repo.addSecret?aud=* rpc:sh.tangled.repo.removeSecret?aud=* rpc:sh.tangled.repo.listSecrets?aud=*",
  "response_types": [
    "code"
  ],
  "redirect_uris": [
    "http://127.0.0.1:3000/oauth/callback"
  ],
  "token_endpoint_auth_method": "private_key_jwt",
  "token_endpoint_auth_signing_alg": "ES256",
  "dpop_bound_access_tokens": true,
  "jwks_uri": "http://127.0.0.1:3000/oauth/jwks.json",
  "client_name": "Tangled",
  "client_uri": "http://127.0.0.1:3000"
}
```

which does include `blob:*/*`.

the scopes list returned by the AS also does contain `blob:*/*`:

```
09:42:59 INFO oauth scopes granted by PDS did=did:plc:qfpnj4og54vl56wngdriaxug pds=https://grisette.us-west.host.bsky.network scopes="[... blob:*/* ...]"
```

my fix was to allow specifying the content type in `api/atproto/repouploadBlob.go`:

```go
// RepoUploadBlob calls the XRPC method "com.atproto.repo.uploadBlob".
// mime is sent as the Content-Type of the request body, so the PDS can
// match the upload against the granted blob scope.
func RepoUploadBlob(ctx context.Context, c util.LexClient, input io.Reader, mime string) (*RepoUploadBlob_Output, error) {
	var out RepoUploadBlob_Output
	if err := c.LexDo(ctx, util.Procedure, mime, "com.atproto.repo.uploadBlob", nil, input, &out); err != nil {
		return nil, err
	}

	return &out, nil
}
```

and subsequently passing the mime type in calls to `RepoUploadBlob`:

```go
blob, err := comatproto.RepoUploadBlob(r.Context(), client, gz(patch), "application/gzip")
```

[asdf asdf asdf asdf asdf asdf]:
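How a granted `blob:*/*` scope is matched against the Content-Type of an upload, as an added Go example that is neither tangled's nor indigo's code: the scope list is constructed to resemble the AS log line above, and the matching semantics (a `*` wildcard for type or subtype, mime parameters ignored, a missing Content-Type refused) are my assumption of what the PDS does, not taken from its implementation.

```go
package main

import "strings"

// Constructed sample of a granted scope list, shaped like the AS log line above.
const grantedScopes = "atproto repo:sh.tangled.repo blob:*/* rpc:sh.tangled.repo.create?aud=*"

// BlobPatterns returns the mime pattern of every "blob:<pattern>" scope in a
// space-separated scope string; other scope kinds (repo:, rpc:) are ignored.
func BlobPatterns(scopes string) []string {
	var pats []string
	for _, s := range strings.Fields(scopes) {
		if strings.HasPrefix(s, "blob:") {
			pats = append(pats, strings.TrimPrefix(s, "blob:"))
		}
	}
	return pats
}

// mimeMatches reports whether a request Content-Type ("image/png; charset=binary")
// is covered by a pattern ("*/*", "image/*", "application/gzip"). Assumed
// semantics: "*" may stand for the type or the subtype; parameters are ignored.
func mimeMatches(pattern, contentType string) bool {
	base, _, _ := strings.Cut(contentType, ";")
	mt, ms, okM := strings.Cut(strings.ToLower(strings.TrimSpace(base)), "/")
	pt, ps, okP := strings.Cut(strings.ToLower(pattern), "/")
	if !okM || !okP || mt == "" || ms == "" {
		return false // a missing or malformed Content-Type never matches anything
	}
	return (pt == "*" || pt == mt) && (ps == "*" || ps == ms)
}

// BlobUploadAllowed is the check a PDS is assumed to make on uploadBlob: the
// request's Content-Type must be covered by a granted blob scope. An empty
// Content-Type is refused even when blob:*/* was granted, which is why the
// upload call on this page has to pass the mime type explicitly.
func BlobUploadAllowed(scopes, contentType string) bool {
	for _, p := range BlobPatterns(scopes) {
		if mimeMatches(p, contentType) {
			return true
		}
	}
	return false
}
```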