vielle.dev / dnd-astral-powers
this repo has no description
fork atom

use proper scopes now i hope lmao

also pseudo error handling on the login form

vielle.dev 21b9ff9c 97fc98f8

verified
+30 -4
unified split
+20
lexicons/dev/vielle/dnd/authAstral.json
··· 1 + { 2 + "lexicon": 1, 3 + "id": "dev.vielle.dnd.authAstral", 4 + "description": "Auth for dev.vielle.dnd.astral records", 5 + "defs": { 6 + "main": { 7 + "type": "permission-set", 8 + "title": "Edit your astral powers", 9 + "detail": "Edit the point total and power list", 10 + "permissions": [ 11 + { 12 + "type": "permission", 13 + "action": ["create", "update"], 14 + "resource": "repo", 15 + "collection": ["dev.vielle.dnd.astral"] 16 + } 17 + ] 18 + } 19 + } 20 + }
+1 -1
src/lib/auth.ts
··· 24 24 client_id: 25 25 "https://cimd.vielle.dev/oauth-client-metadata.json?" + 26 26 new URLSearchParams({ 27 - scopes: "atproto transition:generic", 27 + scopes: metadata.scope, 28 28 callback: "/atproto/callback", 29 29 }), 30 30 redirect_uri: "https://cimd.vielle.dev/atproto/callback",
+1 -1
src/oauth-client-metadata.json
··· 2 2 "client_id": "https://dnd.vielle.dev/oauth-client-metadata.json", 3 3 "application_type": "web", 4 4 "grant_types": ["authorization_code"], 5 - "scope": "atproto transition:generic", 5 + "scope": "atproto include:dev.vielle.dnd.authAstral", 6 6 "response_types": ["code"], 7 7 "redirect_uris": ["https://dnd.vielle.dev/atproto/callback"], 8 8 "token_endpoint_auth_method": "none",
+8 -2
src/pages/atproto/login.astro
··· 7 7 import "actor-typeahead"; 8 8 import { createAuthorizationUrl } from "@atcute/oauth-browser-client"; 9 9 import { getAuth } from "../../lib/auth"; 10 + import metadata from "../../oauth-client-metadata.json" with { type: "json" }; 10 11 11 12 // if theres a did in storage and it restores, go to / 12 13 if (localStorage.getItem("did") && (await getAuth().then((x) => !!x[0]))) 13 14 window.location.assign("/"); 14 15 15 16 const submit = document.getElementById( 16 - "submit" 17 + "submit", 17 18 ) as HTMLButtonElement | null; 18 19 if (!submit) throw null; 19 20 submit.addEventListener("click", async (ev) => { ··· 32 33 type: "account", 33 34 identifier: handle as `${string}.${string}`, 34 35 }, 35 - scope: "atproto transition:generic", 36 + scope: metadata.scope, 37 + }).catch((err) => { 38 + submit.disabled = false; 39 + alert(`Error: ${err}`); 40 + console.error(err); 41 + throw err; 36 42 }); 37 43 38 44 await new Promise((res) => setTimeout(res, 200)); // let browser persist local storage