ligo.at
decentralized and customizable links page on top of atproto
ligo.at
atproto
link-in-bio
python
uv
nauta.one
1from typing import Any
2from urllib.parse import urlparse
3
4
5# Checks an Authorization Server metadata response against atproto OAuth requirements
6def is_valid_authserver_meta(obj: dict[str, Any] | None, url: str) -> bool:
7 if obj is None:
8 return False
9 fetch_url = urlparse(url)
10 issuer_url = urlparse(obj["issuer"])
11 assert issuer_url.hostname == fetch_url.hostname
12 assert issuer_url.scheme == "https"
13 assert issuer_url.port is None
14 assert issuer_url.path in ["", "/"]
15 assert issuer_url.params == ""
16 assert issuer_url.fragment == ""
17
18 assert "code" in obj["response_types_supported"]
19 assert "authorization_code" in obj["grant_types_supported"]
20 assert "refresh_token" in obj["grant_types_supported"]
21 assert "S256" in obj["code_challenge_methods_supported"]
22 assert "none" in obj["token_endpoint_auth_methods_supported"]
23 assert "private_key_jwt" in obj["token_endpoint_auth_methods_supported"]
24 assert "ES256" in obj["token_endpoint_auth_signing_alg_values_supported"]
25 assert "atproto" in obj["scopes_supported"]
26 assert obj["authorization_response_iss_parameter_supported"] is True
27 assert obj["pushed_authorization_request_endpoint"] is not None
28 assert obj["require_pushed_authorization_requests"] is True
29 assert "ES256" in obj["dpop_signing_alg_values_supported"]
30 if "require_request_uri_registration" in obj:
31 assert obj["require_request_uri_registration"] is True
32 assert obj["client_id_metadata_document_supported"] is True
33
34 return True