Sifa professional network API (Fastify, AT Protocol, Jetstream)
sifa.id/
1import type { FastifyInstance } from 'fastify';
2import { readFileSync, existsSync } from 'node:fs';
3import type { Env } from '../config.js';
4
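/**
 * JWK members that carry private or secret key material: the EC/OKP/RSA
 * private exponent and CRT parameters, and the symmetric key value `k`.
 * None of them belong in a document served from a public `jwks_uri`.
 */
const PRIVATE_JWK_MEMBERS: ReadonlySet<string> = new Set([
  'd',
  'p',
  'q',
  'dp',
  'dq',
  'qi',
  'oth',
  'k',
]);

/** Returns a copy of one JWK without private members; non-object entries pass through unchanged. */
function toPublicJwk(key: unknown): unknown {
  if (typeof key !== 'object' || key === null || Array.isArray(key)) {
    return key;
  }
  return Object.fromEntries(
    Object.entries(key).filter(([member]) => !PRIVATE_JWK_MEMBERS.has(member)),
  );
}

/** Checks that `parsed` is a JWK Set (`{ keys: [...] }`) and returns it with every key reduced to its public members. */
function toPublicJwks(parsed: unknown, sourcePath: string): Record<string, unknown> {
  if (typeof parsed !== 'object' || parsed === null || Array.isArray(parsed)) {
    throw new Error(`JWKS file at ${sourcePath} is not a JSON object`);
  }
  const jwkSet = parsed as Record<string, unknown>;
  if (!Array.isArray(jwkSet.keys)) {
    throw new Error(`JWKS file at ${sourcePath} has no "keys" array`);
  }
  return { ...jwkSet, keys: jwkSet.keys.map(toPublicJwk) };
}

/**
 * Registers the public OAuth client discovery routes:
 * `GET /oauth/client-metadata.json` and `GET /oauth/jwks.json`.
 *
 * The JWKS file is read once, at registration time. When it is missing the
 * function throws, except when `NODE_ENV` is `'test'`, where it returns
 * without registering any route.
 *
 * Both routes are unauthenticated. The client metadata declares
 * `private_key_jwt`, so a private signing key exists somewhere in the
 * deployment; whether `OAUTH_JWKS_PATH` holds only the public half is not
 * visible from this function. The set is therefore filtered to public
 * members before it is served, so that pointing the path at a private keyset
 * cannot publish the signing key.
 *
 * @param app - Fastify instance the routes are added to.
 * @param config - Reads `NODE_ENV`, `OAUTH_JWKS_PATH` and `PUBLIC_URL`.
 * @throws Error when the JWKS file is missing outside the test environment,
 *   or when its content is not a JWK Set object with a `keys` array.
 */
export function registerOAuthMetadata(app: FastifyInstance, config: Env): void {
  if (!existsSync(config.OAUTH_JWKS_PATH)) {
    if (config.NODE_ENV !== 'test') {
      throw new Error(
        `JWKS file not found at ${config.OAUTH_JWKS_PATH} — OAuth metadata cannot be registered`,
      );
    }
    // Test runs may have no key file; skip registration instead of failing.
    return;
  }

  const parsed: unknown = JSON.parse(readFileSync(config.OAUTH_JWKS_PATH, 'utf-8'));
  // Sanitise once at startup: the handler below only ever sees the public view.
  const publicJwks = toPublicJwks(parsed, config.OAUTH_JWKS_PATH);

  app.get('/oauth/client-metadata.json', async () => ({
    // The client_id is the URL of this metadata document itself.
    client_id: `${config.PUBLIC_URL}/oauth/client-metadata.json`,
    client_name: 'Sifa',
    client_uri: config.PUBLIC_URL,
    response_types: ['code'],
    grant_types: ['authorization_code', 'refresh_token'],
    scope: 'atproto transition:generic',
    redirect_uris: [`${config.PUBLIC_URL}/oauth/callback`],
    dpop_bound_access_tokens: true,
    token_endpoint_auth_method: 'private_key_jwt',
    token_endpoint_auth_signing_alg: 'ES256',
    jwks_uri: `${config.PUBLIC_URL}/oauth/jwks.json`,
  }));

  app.get('/oauth/jwks.json', async () => publicJwks);
}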