Our Personal Data Server from scratch! tranquil.farm
oauth atproto pds rust postgresql objectstorage fun

DPoP bug report #11

open opened by launchpadx.top

I've observed that since the recent update (starting from 8af0cfe0), some API requests (e.g., oauth/sso/linked) have encountered a "use_dpop_nonce" error (the message is "DPoP nonce required").

Damn! For which clients is this happening, and which API endpoints specifically???

I currently haven't encountered any issues with the Bluesky client; this problem looks like it only exists with PDS Account Manager.

Looks like a lot of APIs are experiencing this issue, including the one I mentioned in the issue, as well as a new API (com.atproto.server.getSession) I just discovered that also has this problem.

These APIs have the same issue too:

  • xrpc/_delegation.listControllers
  • xrpc/_delegation.listControlledAccounts
  • xrpc/_delegation.getAuditLog
  • xrpc/_backup.exportBlobs

Probably there will be more APIs that have this issue.

i'll hopefully look at this and fix within a week

Looks like this issue is not completely resolved, as /oauth/sso/linked still has a problem: the error is invalid_dpop_proof and the message is HTTP URI mismatch.

you definitely rebuilt the frontend code right? :3

yep

I can find the DPoP request header, but the issue is still there.
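
For reference, the two error codes reported in this thread correspond to separate checks in RFC 9449 (DPoP): the server-supplied nonce and the `htm`/`htu` match. The following is an added example in JavaScript, not code from this repository or from any commenter; the host name, nonce values, `jti` values and function names are constructed, and signature, `jti` replay and `iat` checks are left out.

```javascript
// Added example, not this project's code. Operates on already-decoded DPoP
// proof claims; signature, jti replay and iat checks are out of scope.

// Comparison form for htu: scheme, host and path only (RFC 9449 ignores
// query and fragment). URL also lowercases scheme/host and drops ":443".
function normalizeHtu(uri) {
  const u = new URL(uri);
  u.search = "";
  u.hash = "";
  return u.toString();
}

// request.url is assumed to be the public URL the client called, not an
// internal address seen behind a proxy. Check order here is a choice.
function checkDpopClaims(claims, request, currentNonce) {
  const bad = (message) => ({ ok: false, error: "invalid_dpop_proof", message });
  if (claims.htm !== request.method) return bad("HTTP method mismatch"); // constructed message
  let htu;
  try { htu = normalizeHtu(claims.htu); } catch { return bad("HTTP URI mismatch"); }
  if (htu !== normalizeHtu(request.url)) return bad("HTTP URI mismatch");
  if (claims.nonce !== currentNonce) {
    // The client should retry with the value from the DPoP-Nonce header.
    return { ok: false, error: "use_dpop_nonce", message: "DPoP nonce required",
             headers: { "DPoP-Nonce": currentNonce } };
  }
  return { ok: true };
}

// Client side: claims for the retry carry a fresh jti plus the server nonce.
function retryClaims(claims, response, freshJti) {
  return { ...claims, jti: freshJti, nonce: response.headers["DPoP-Nonce"] };
}

// Constructed walk-through using an endpoint named in the thread.
function demo() {
  const request = { method: "GET", url: "https://pds.example.test/oauth/sso/linked?limit=5" };
  const first = { jti: "j-1", htm: "GET", htu: "https://pds.example.test/oauth/sso/linked" };
  const r1 = checkDpopClaims(first, request, "nonce-A");          // no nonce yet
  const r2 = checkDpopClaims(retryClaims(first, r1, "j-2"), request, "nonce-A");
  const internal = { ...first, nonce: "nonce-A", htu: "http://127.0.0.1:3000/oauth/sso/linked" };
  const r3 = checkDpopClaims(internal, request, "nonce-A");       // wrong origin in htu
  return [r1.error, r2.ok, r3.message];
}
console.log(demo());
```

When debugging a mismatch, comparing the decoded `htu` claim from the `DPoP` header with the URL the server reconstructs for the request shows which side differs.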

Participants 2
AT URI
at://did:plc:gcktt4t6eocohmc2f4rozxly/sh.tangled.repo.issue/3mdb3heakvi22