granular oauth scopes · margin.at/margin@4b370a0

margin.at / margin

fork atom

Write on the margins of the internet. Powered by the AT Protocol. margin.at

extension web atproto comments

fork atom

granular oauth scopes

scanash.com 1 month ago 4b370a0b 1a89a3f0

+42 -12

1 changed file

expand all

unified split

backend

internal

oauth

handler.go

+42 -12

backend/internal/oauth/handler.go

··· 140 140 141 141 pkceVerifier, pkceChallenge := client.GeneratePKCE() 142 142 143 - scope := "atproto transition:generic" 143 + scope := "atproto " + 144 + "at.margin.annotation " + 145 + "at.margin.highlight " + 146 + "at.margin.bookmark " + 147 + "at.margin.reply " + 148 + "at.margin.like " + 149 + "at.margin.collection " + 150 + "at.margin.collectionItem " + 151 + "rpc:app.bsky.actor.searchActorsTypeahead?aud=* " + 152 + "rpc:app.bsky.actor.getProfiles?aud=* " + 153 + "rpc:com.atproto.identity.resolveHandle?aud=*" 144 154 145 155 parResp, state, dpopNonce, err := client.SendPAR(meta, handle, scope, dpopKey, pkceChallenge) 146 156 if err != nil { ··· 240 250 } 241 251 242 252 pkceVerifier, pkceChallenge := client.GeneratePKCE() 243 - scope := "atproto transition:generic" 253 + scope := "atproto " + 254 + "at.margin.annotation " + 255 + "at.margin.highlight " + 256 + "at.margin.bookmark " + 257 + "at.margin.reply " + 258 + "at.margin.like " + 259 + "at.margin.collection " + 260 + "at.margin.collectionItem " + 261 + "rpc:app.bsky.actor.searchActorsTypeahead?aud=* " + 262 + "rpc:app.bsky.actor.getProfiles?aud=* " + 263 + "rpc:com.atproto.identity.resolveHandle?aud=*" 244 264 245 265 parResp, state, dpopNonce, err := client.SendPAR(meta, req.Handle, scope, dpopKey, pkceChallenge) 246 266 if err != nil { ··· 481 501 482 502 w.Header().Set("Content-Type", "application/json") 483 503 json.NewEncoder(w).Encode(map[string]interface{}{ 484 - "client_id": client.ClientID, 485 - "client_name": "Margin", 486 - "client_uri": baseURL, 487 - "logo_uri": baseURL + "/logo.svg", 488 - "tos_uri": baseURL + "/terms", 489 - "policy_uri": baseURL + "/privacy", 490 - "redirect_uris": []string{client.RedirectURI}, 491 - "grant_types": []string{"authorization_code", "refresh_token"}, 492 - "response_types": []string{"code"}, 493 - "scope": "atproto transition:generic", 504 + "client_id": client.ClientID, 505 + "client_name": "Margin", 506 + "client_uri": baseURL, 507 + "logo_uri": baseURL + "/logo.svg", 508 + "tos_uri": baseURL + "/terms", 509 + "policy_uri": baseURL + "/privacy", 510 + "redirect_uris": []string{client.RedirectURI}, 511 + "grant_types": []string{"authorization_code", "refresh_token"}, 512 + "response_types": []string{"code"}, 513 + "scope": "atproto " + 514 + "at.margin.annotation " + 515 + "at.margin.highlight " + 516 + "at.margin.bookmark " + 517 + "at.margin.reply " + 518 + "at.margin.like " + 519 + "at.margin.collection " + 520 + "at.margin.collectionItem " + 521 + "rpc:app.bsky.actor.searchActorsTypeahead?aud=* " + 522 + "rpc:app.bsky.actor.getProfiles?aud=* " + 523 + "rpc:com.atproto.identity.resolveHandle?aud=*", 494 524 "token_endpoint_auth_method": "private_key_jwt", 495 525 "token_endpoint_auth_signing_alg": "ES256", 496 526 "dpop_bound_access_tokens": true,