dollspace.gay / Aurora-Prism
A third party ATProto appview
fork atom

Fix: OAuth key generation - add kid, alg, use fields and update to ES256K

Fixed setup-did-and-keys.sh to generate proper OAuth-compatible JWK with:
- kid (Key ID) - required for OAuth client
- alg: "ES256K" - secp256k1 signing algorithm
- use: "sig" - key usage indicator

Updated oauth-service.ts to use ES256K algorithm to match the secp256k1
keys generated by both setup-did-and-keys.sh and oauth-keyset-json.sh.

This fixes the error: "Client authentication method 'private_key_jwt'
requires at least one 'ES256' signing key with a 'kid' property"

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

dollspacegay.tngl.sh cbe2a171 bba07ee8

options
unified split
Changed files
+8 -1
server
services
oauth-service.ts
setup-did-and-keys.sh
+1 -1
server/services/oauth-service.ts
··· 228 228 response_types: ['code'], 229 229 application_type: 'web', 230 230 token_endpoint_auth_method: 'private_key_jwt', 231 - token_endpoint_auth_signing_alg: 'ES256', 231 + token_endpoint_auth_signing_alg: 'ES256K', 232 232 dpop_bound_access_tokens: true, 233 233 jwks_uri: `${BASE_URL}/jwks.json`, 234 234 },
+7
setup-did-and-keys.sh
··· 65 65 X_B64URL=$(echo -n $X_HEX | xxd -r -p | base64 | tr '/+' '_-' | tr -d '=') 66 66 Y_B64URL=$(echo -n $Y_HEX | xxd -r -p | base64 | tr '/+' '_-' | tr -d '=') 67 67 68 + # 8. Generate a unique Key ID (kid) 69 + KID="$(date +%s)-$(openssl rand -hex 4)" 70 + 68 71 # --- File Creation --- 69 72 mkdir -p public 70 73 ··· 104 107 105 108 # 9. Create the private key file (appview-signing-key.json) using jq 106 109 jq -n \ 110 + --arg kid "$KID" \ 107 111 --arg d "$D_B64URL" \ 108 112 --arg x "$X_B64URL" \ 109 113 --arg y "$Y_B64URL" \ 110 114 '{ 115 + kid: $kid, 111 116 kty: "EC", 112 117 crv: "secp256k1", 118 + alg: "ES256K", 119 + use: "sig", 113 120 d: $d, 114 121 x: $x, 115 122 y: $y