# OAuth Masterclass Python

A Flask application demonstrating ATProtocol OAuth with DPoP (Demonstrating Proof-of-Possession) and PKCE (Proof Key for Code Exchange).

Part of the **OAuth Masterclass** by [Nick Gerakines](https://github.com/ngerakines).

## Prerequisites

- Python 3.7 or higher
- pip

## Setup and Installation

1. Create a virtual environment:

   ```bash
   python -m venv venv
   ```

2. Activate the virtual environment:

   ```bash
   # On macOS/Linux:
   source venv/bin/activate

   # On Windows:
   venv\Scripts\activate
   ```

3. Install dependencies:

   ```bash
   pip install flask requests pyjwt cryptography dnspython
   ```

## Running the Application

1. Ensure your virtual environment is activated (see step 2 above)
2. Run the Flask application:

   ```bash
   python app.py
   ```

3. The application will start on port 5000. Access it at:
   - Local development: `http://localhost:5000`
   - Production: `https://oauth-py.smokesignal.tools`

## Features

- ATProtocol OAuth authentication
- DPoP token binding
- PKCE for enhanced security
- Handle resolution with HTTP fallback to DNS (following ATProtocol specification)
- DID document resolution (did:plc and did:web)
- Token refresh handling
- Protected routes with automatic token refresh

## Deactivating the Virtual Environment

When you're done, deactivate the virtual environment:

```bash
deactivate
```

# Demo

1. Start the application
2. Start the proxy
3. Visit https://oauth-py.smokesignal.tools/
4. Example records at https://pdsls.dev/at://did:plc:cbkjy5n7bk3ax2wplmtjofq2/garden.lexicon.oauth-masterclass.now

## License

This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.