ligo.at
/
core
decentralized and customizable links page on top of atproto
ligo.at
atproto
link-in-bio
python
uv
use ligo.at permission set in oauth scope
nauta.one
4 weeks ago
7bbcc337
e0c9fd09
+5
-5
1 changed file
src
oauth.py
+5
-5
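--- a/src/oauth.py
+++ b/src/oauth.py
@@ -33,6 +33,8 @@
 
 oauth = Blueprint("oauth", __name__, url_prefix="/oauth")
 
+OAUTH_SCOPE = "atproto include:at.ligo.authFull"
+
 
 @oauth.get("/start")
 async def oauth_start():
@@ -86,7 +88,6 @@
 
 # Auth
 dpop_private_jwk: Key = JsonWebKey.generate_key("EC", "P-256", is_private=True)
-scope = "atproto transition:generic"
 
 host = request.host
 metadata_endpoint = url_for("oauth.oauth_metadata")
@@ -105,7 +106,7 @@
 login_hint,
 client_id,
 redirect_uri,
-scope,
+OAUTH_SCOPE,
 CLIENT_SECRET_JWK,
 dpop_private_jwk,
 )
@@ -127,7 +128,7 @@
 handle,
 pds_url,
 pkce_verifier,
-scope,
+OAUTH_SCOPE,
 dpop_authserver_nonce,
 dpop_private_jwk.as_json(is_private=True),
 )
@@ -197,7 +198,6 @@
 
 await client.close()
 
-assert row.scope == tokens.scope
 assert pds_url is not None
 
 current_app.logger.debug("storing user oauth session")
@@ -230,7 +230,7 @@
 {
 "client_id": f"https://{host}{metadata_endpoint}",
 "grant_types": ["authorization_code", "refresh_token"],
-"scope": "atproto transition:generic",
+"scope": OAUTH_SCOPE,
 "response_types": ["code"],
 "redirect_uris": [
 f"https://{host}{callback_endpoint}",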
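Review bot: In the hunk at new lines 198–203 the granted scope in `tokens.scope` is no longer checked against anything before the session is stored, because `assert row.scope == tokens.scope` was dropped without a replacement. If the equality was removed because the authorization server returns the permission set in expanded form (an inference; the page does not say), a narrower check would still reject a token response that lacks the base scope, for example `if "atproto" not in tokens.scope.split():` followed by the handler's existing failure path. An explicit branch is also preferable to `assert` for this kind of validation, since assertions are stripped under `python -O`; the same applies to the remaining `assert pds_url is not None`. The enclosing function starts and ends outside the hunk, so the appropriate failure response cannot be determined from this page.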