when using a service that doesn't support oauth scopes, such as https://cleanfollow-bsky.pages.dev/, an error is produced with the code "Uncaught (in promise) Error: InsufficientScope", despite an unauthenticated account being able to see the same data.
no oauth scopes leads to errors on oauth #28
hmmm i would need to look in more detail at what is actually happening, since cleanfollow does actually do granular scopes, so i assume this is happening when it uses the PDS's own APIs to read out all the follows. my gut reaction is that this is tranquil doing something wrong, since scopes are very much about gaining more access than you would have when unauthenticated. which is also why the repo resource type doesn't have a read action, since that is always allowed (which also means if we don't change this, how on earth would an app request access to read?)
ooookay. investigation shows that this is because cleanfollow adds the proxy header to the listRecords call saying to proxy to the main bluesky appview. and since it has not requested scopes to proxy that call to the bluesky appview, tranquil rightfully rejects it! ... so it's yet more proxying issues
made an issue on the cleanfollow repo https://github.com/notjuliet/cleanfollow-bsky/issues/19
@nel.pet what do you think of this? on the one hand yes we could easily not care about list endpoints and have them succeed if auth isn't technically needed for them, but on the other hand the whole point of scopes is to even request read access