refactor oauth · taurean.bryant.land/drydown@e563502

taurean.bryant.land / drydown

fork atom

a a vibe-coded abomination experiment of a fragrance review platform built on the atmosphere. drydown.social

fork atom

refactor oauth

taurean.bryant.land 1 month ago e5635022 26774f9c

+33 -44

3 changed files

expand all

.env.example

src

auth.ts

config.ts

+12

.env.example

··· 1 + # Set to "production" for deployed environments. 2 + # When not "production", OAuth uses the 127.0.0.1 loopback exception 3 + # and does not require a hosted client-metadata.json. 4 + NODE_ENV=development 5 + 6 + # Required in production only. The full public URL where 7 + # client-metadata.json is served (e.g., https://yourapp.com/client-metadata.json). 8 + # Leave blank for local development. 9 + PUBLIC_URL= 10 + 11 + # Server port. In dev, this is used to construct the loopback client_id. 12 + PORT=5173

+9 -44

src/auth.ts

··· 1 - import { BrowserOAuthClient, type OAuthClientMetadataInput } from '@atproto/oauth-client-browser' 1 + import { BrowserOAuthClient } from '@atproto/oauth-client-browser' 2 + import { oauthConfig } from './config' 2 3 3 4 // The metadata must match what is served at the client_id URL 4 - const clientMetadata = (() => { 5 - const isLocal = ['127.0.0.1', 'localhost'].includes(window.location.hostname) 6 - 7 - if (isLocal) { 8 - return { 9 - client_id: 'http://localhost?redirect_uri=http%3A%2F%2F127.0.0.1%3A5173&scope=atproto%20transition%3Ageneric', 10 - client_name: 'Drydown App (Dev)', 11 - client_uri: 'http://127.0.0.1:5173', 12 - logo_uri: 'http://127.0.0.1:5173/vite.svg', 13 - tos_uri: 'http://127.0.0.1:5173/tos', 14 - policy_uri: 'http://127.0.0.1:5173/policy', 15 - redirect_uris: ['http://127.0.0.1:5173'], 16 - scope: 'atproto transition:generic', 17 - grant_types: ['authorization_code', 'refresh_token'], 18 - response_types: ['code'], 19 - token_endpoint_auth_method: 'none', 20 - application_type: 'web', 21 - dpop_bound_access_tokens: true, 22 - } satisfies OAuthClientMetadataInput 23 - } 24 - 25 - return { 26 - client_id: 'https://drydown.social/client-metadata.json', 27 - client_name: 'Drydown App', 28 - client_uri: 'https://drydown.social', 29 - logo_uri: 'https://drydown.social/vite.svg', 30 - tos_uri: 'https://drydown.social/tos', 31 - policy_uri: 'https://drydown.social/policy', 32 - redirect_uris: [ 33 - 'https://drydown.social/', 34 - ], 35 - scope: 'atproto transition:generic', 36 - grant_types: ['authorization_code', 'refresh_token'], 37 - response_types: ['code'], 38 - token_endpoint_auth_method: 'none', 39 - application_type: 'web', 40 - dpop_bound_access_tokens: true, 41 - } satisfies OAuthClientMetadataInput 42 - })() 5 + // For local development, we use BrowserOAuthClient.load which handles loopback metadata generation 43 6 44 7 let client: BrowserOAuthClient | undefined 45 8 46 9 export async function getClient() { 47 10 if (client) return client 11 + 12 + console.log('Environment:', { isDev: import.meta.env.DEV, clientId: oauthConfig.clientId }) 48 13 49 14 try { 50 - client = new BrowserOAuthClient({ 15 + client = await BrowserOAuthClient.load({ 16 + clientId: oauthConfig.clientId, 51 17 handleResolver: 'https://bsky.social', 52 - clientMetadata, 53 18 fetch: window.fetch.bind(window), // Fix for "Illegal invocation" in Safari/Strict mode 54 19 }) 55 20 return client ··· 60 25 } 61 26 62 27 export async function initAuth() { 28 + console.log('Initializing Auth...') 63 29 const c = await getClient() 64 30 const result = await c.init() 65 31 return result ··· 69 35 const c = await getClient() 70 36 71 37 // Explicitly use the first redirect_uri from the active configuration 72 - // This ensures consistency whether in Dev or Prod 73 - const redirectUri = clientMetadata.redirect_uris?.[0] 38 + const redirectUri = oauthConfig.redirectUri 74 39 75 40 return await c.signIn(handle, { 76 41 state: undefined,

+12

src/config.ts

··· 1 + export const isDev = import.meta.env.DEV 2 + export const port = 5173 // Default Vite port 3 + 4 + export const oauthConfig = isDev 5 + ? { 6 + clientId: `http://localhost?redirect_uri=${encodeURIComponent(`http://127.0.0.1:${port}`)}&scope=${encodeURIComponent('atproto transition:generic')}`, 7 + redirectUri: `http://127.0.0.1:${port}`, 8 + } 9 + : { 10 + clientId: 'https://drydown.social/client-metadata.json', 11 + redirectUri: 'https://drydown.social/', 12 + }