docs: add oauth authentication flow documentation

zzstoatzz.io / at-me

fork atom

interactive intro to open social at-me.zzstoatzz.io

fork atom

zzstoatzz.io 4 months ago 599137d3 0bcba861

+27

1 changed file

expand all

unified split

docs

oauth.md

+27

docs/oauth.md

···

··· 1 + # oauth 2 + 3 + at-me uses atproto oauth for authentication. 4 + 5 + ## flow 6 + 7 + 1. user enters handle on landing page 8 + 2. app resolves handle → DID → authorization server via did document 9 + 3. authorization server redirects to user's pds for consent 10 + 4. user approves, receives redirect back with auth code 11 + 5. app exchanges code for access token 12 + 6. token stored in session, used for authenticated api calls 13 + 14 + ## scopes 15 + 16 + ```rust 17 + Scope::Known(KnownScope::Atproto), 18 + Scope::Unknown("repo:app.at-me.visit".to_string()), 19 + ``` 20 + 21 + the granular scope `repo:app.at-me.visit` limits write access to only guestbook records. 22 + 23 + ## session management 24 + 25 + sessions use actix-web's cookie-based session middleware. authenticated agents cached in-memory by DID for performance (`AGENT_CACHE`). 26 + 27 + see `src/oauth.rs` for implementation.