Auto-indexing service and GraphQL API for AT Protocol Records quickslice.slices.network/
atproto gleam graphql

Send user's handle instead of DID for OAuth #8

open opened by trezy.codes targeting main

From the ATProto docs:

When passing an account identifier through to the Authorization Server as part of the Authorization Request in the login_hint, it is recommended to use the exact account identifier supplied by the user (handle or DID) to ensure any sign-in flow is consistent (users might not recognize their own account DID).

This is also mentioned in issue #9 - support passing handles as login_hint to oauth server.

The login_hint value is already available where necessary; it just needed to be used instead of the DID.

Participants 1
AT URI
at://did:plc:4jrld6fwpnwqehtce56qshzv/sh.tangled.repo.pull/3mdbjokoefc22
+2 -2
Diff #0
+1 -1
server/src/handlers/admin_oauth_authorize.gleam
··· 190 190 " ", 191 191 )) 192 192 <> "&login_hint=" 193 - <> uri.percent_encode(did) 193 + <> uri.percent_encode(login_hint) 194 194 195 195 wisp.redirect(auth_url) 196 196 }
+1 -1
server/src/handlers/oauth/authorize.gleam
··· 430 430 <> "&scope=" 431 431 <> uri.percent_encode(scope) 432 432 <> "&login_hint=" 433 - <> uri.percent_encode(did) 433 + <> uri.percent_encode(option.unwrap(req.login_hint, "")) 434 434 435 435 Ok(RedirectToATProtocol(authorization_url: auth_url)) 436 436 }
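Review bot: In server/src/handlers/admin_oauth_authorize.gleam at line 193, the value passed as `login_hint` is now the identifier as supplied rather than the resolved `did`, so it should be checked before the redirect: reject the request unless it is non-empty and parses as a handle or DID. `uri.percent_encode` keeps the query string well-formed but does not validate the value. If the rest of this handler keeps the resolved `did` for the callback, that should stay as it is; only the hint sent to the authorization server needs to change.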
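Review bot: In server/src/handlers/oauth/authorize.gleam at line 433, `option.unwrap(req.login_hint, "")` produces an empty `&login_hint=` whenever the request carries no hint, where the previous code always sent the resolved `did`. Fall back to the DID instead, for example `option.unwrap(req.login_hint, did)`, or leave the parameter out of the URL when `req.login_hint` is `None`.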

History

1 round 0 comments
trezy.codes submitted #0
1 commit
983da80f
fix: use login handle instead of did for oauth
no conflicts, ready to merge