ligo.at / core
decentralized and customizable links page on top of atproto ligo.at
atproto link-in-bio python uv
fork atom

use ligo.at permission set in oauth scope

nauta.one 7bbcc337 e0c9fd09

+5 -5
unified split
+5 -5
src/oauth.py
··· 33 34 oauth = Blueprint("oauth", __name__, url_prefix="/oauth") 35 36 37 @oauth.get("/start") 38 async def oauth_start(): ··· 86 87 # Auth 88 dpop_private_jwk: Key = JsonWebKey.generate_key("EC", "P-256", is_private=True) 89 - scope = "atproto transition:generic" 90 91 host = request.host 92 metadata_endpoint = url_for("oauth.oauth_metadata") ··· 105 login_hint, 106 client_id, 107 redirect_uri, 108 - scope, 109 CLIENT_SECRET_JWK, 110 dpop_private_jwk, 111 ) ··· 127 handle, 128 pds_url, 129 pkce_verifier, 130 - scope, 131 dpop_authserver_nonce, 132 dpop_private_jwk.as_json(is_private=True), 133 ) ··· 197 198 await client.close() 199 200 - assert row.scope == tokens.scope 201 assert pds_url is not None 202 203 current_app.logger.debug("storing user oauth session") ··· 230 { 231 "client_id": f"https://{host}{metadata_endpoint}", 232 "grant_types": ["authorization_code", "refresh_token"], 233 - "scope": "atproto transition:generic", 234 "response_types": ["code"], 235 "redirect_uris": [ 236 f"https://{host}{callback_endpoint}",
··· 33 34 oauth = Blueprint("oauth", __name__, url_prefix="/oauth") 35 36 + OAUTH_SCOPE = "atproto include:at.ligo.authFull" 37 + 38 39 @oauth.get("/start") 40 async def oauth_start(): ··· 88 89 # Auth 90 dpop_private_jwk: Key = JsonWebKey.generate_key("EC", "P-256", is_private=True) 91 92 host = request.host 93 metadata_endpoint = url_for("oauth.oauth_metadata") ··· 106 login_hint, 107 client_id, 108 redirect_uri, 109 + OAUTH_SCOPE, 110 CLIENT_SECRET_JWK, 111 dpop_private_jwk, 112 ) ··· 128 handle, 129 pds_url, 130 pkce_verifier, 131 + OAUTH_SCOPE, 132 dpop_authserver_nonce, 133 dpop_private_jwk.as_json(is_private=True), 134 ) ··· 198 199 await client.close() 200 201 assert pds_url is not None 202 203 current_app.logger.debug("storing user oauth session") ··· 230 { 231 "client_id": f"https://{host}{metadata_endpoint}", 232 "grant_types": ["authorization_code", "refresh_token"], 233 + "scope": OAUTH_SCOPE, 234 "response_types": ["code"], 235 "redirect_uris": [ 236 f"https://{host}{callback_endpoint}",