+33 -10

crates/atproto-client/README.md

··· 8 8 9 9 ## Binaries 10 10 11 11 - - **atproto-client-auth**: OAuth authentication flow helper 12 12 - - **atproto-client-app-password**: App password management tool 13 13 - - **atproto-client-dpop**: DPoP authentication testing tool 11 11 + All CLI tools require the `clap` feature: 12 12 + 13 13 + - **atproto-client-auth**: Create and refresh authentication sessions with AT Protocol services using identifier and password 14 14 + - **atproto-client-app-password**: Make authenticated XRPC calls using application-specific Bearer tokens and app passwords 15 15 + - **atproto-client-dpop**: Make authenticated XRPC calls using DPoP (Demonstration of Proof-of-Possession) tokens for enhanced security 14 16 15 17 ## Usage 16 18 ··· 55 57 56 58 ## Command Line Examples 57 59 60 60 + ### Create and Manage Sessions 61 61 + 58 62 ```bash 59 59 - # Test DPoP authentication 60 60 - cargo run --bin atproto-client-dpop \ 61 61 - --private-key did:key:zQ3sh... \ 62 62 - --access-token token \ 63 63 - --issuer did:plc:issuer \ 64 64 - --url https://pds.example.com/xrpc/... \ 65 65 - --method GET 63 63 + # Create an authentication session with username and password 64 64 + cargo run --features clap --bin atproto-client-auth -- login alice.example.com my_password 65 65 + 66 66 + # Use an existing app password for session creation 67 67 + cargo run --features clap --bin atproto-client-auth -- session alice.example.com app_password_token 68 68 + ``` 69 69 + 70 70 + ### App Password Authentication 71 71 + 72 72 + ```bash 73 73 + # Make an XRPC call using app password Bearer token 74 74 + cargo run --features clap --bin atproto-client-app-password -- \ 75 75 + did:plc:user123 \ 76 76 + your_access_token \ 77 77 + com.atproto.repo.listRecords 78 78 + ``` 79 79 + 80 80 + ### DPoP Authentication 81 81 + 82 82 + ```bash 83 83 + # Make an authenticated XRPC call using DPoP tokens 84 84 + cargo run --features clap --bin atproto-client-dpop -- \ 85 85 + did:plc:user123 \ 86 86 + did:key:zQ3sh... \ 87 87 + your_access_token \ 88 88 + com.atproto.repo.getRecord 66 89 ``` 67 90 68 91 ## License

+31 -5

crates/atproto-client/src/lib.rs

··· 1 1 - //! HTTP client for AT Protocol services with DPoP authentication and XRPC support. 1 1 + //! # AT Protocol HTTP Client Library 2 2 //! 3 3 - //! Provides binaries: 4 4 - //! - `atproto-client-dpop`: Make authenticated XRPC calls using DPoP tokens 5 5 - //! - `atproto-client-auth`: Manage app password authentication and sessions 6 6 - //! - `atproto-client-app-password`: Make authenticated XRPC calls using Bearer tokens 3 3 + //! Comprehensive HTTP client library for AT Protocol services with support for multiple 4 4 + //! authentication methods and XRPC protocol operations. Provides both low-level HTTP 5 5 + //! client functionality and high-level AT Protocol specific operations. 6 6 + //! 7 7 + //! ## Key Features 8 8 + //! 9 9 + //! - **Multiple Authentication Methods**: DPoP, Bearer tokens, and session-based authentication 10 10 + //! - **XRPC Protocol Support**: Native support for AT Protocol's XRPC communication protocol 11 11 + //! - **Repository Operations**: Complete client for AT Protocol repository operations 12 12 + //! - **Session Management**: Authentication session creation, refresh, and validation 13 13 + //! - **Error Handling**: Structured error types with detailed context for debugging 14 14 + //! - **URL Utilities**: Helper functions for AT Protocol URL construction and validation 15 15 + //! 16 16 + //! ## Architecture 17 17 + //! 18 18 + //! The library provides both raw HTTP client capabilities and AT Protocol specific abstractions: 19 19 + //! 20 20 + //! - **`client`**: Core HTTP client with authentication middleware support 21 21 + //! - **`url`**: URL construction and validation utilities for AT Protocol endpoints 22 22 + //! - **`com::atproto::repo`**: Repository operations for record management 23 23 + //! - **`com::atproto::server`**: Server operations for authentication and session management 24 24 + //! - **`errors`**: Structured error types for HTTP and authentication failures 25 25 + //! 26 26 + //! ## Command-Line Tools 27 27 + //! 28 28 + //! When built with the `clap` feature, provides XRPC client tools: 29 29 + //! 30 30 + //! - **`atproto-client-dpop`**: Make authenticated XRPC calls using DPoP (Demonstration of Proof-of-Possession) tokens 31 31 + //! - **`atproto-client-auth`**: Create and refresh authentication sessions with AT Protocol services 32 32 + //! - **`atproto-client-app-password`**: Make authenticated XRPC calls using application-specific Bearer tokens 7 33 8 34 #![forbid(unsafe_code)] 9 35 #![warn(missing_docs)]

+36 -6

crates/atproto-identity/src/lib.rs

··· 1 1 - //! AT Protocol identity management library for DID resolution, handle resolution, and cryptographic key operations. 1 1 + //! # AT Protocol Identity Management Library 2 2 + //! 3 3 + //! Comprehensive Rust library for AT Protocol identity operations including DID resolution, 4 4 + //! handle resolution, and cryptographic key management. This is the core identity management 5 5 + //! library for building AT Protocol applications and services. 6 6 + //! 7 7 + //! ## Key Features 8 8 + //! 9 9 + //! - **Multi-Method DID Resolution**: Support for `did:plc`, `did:web`, and `did:key` methods 10 10 + //! - **Handle Resolution**: DNS and HTTP-based handle-to-DID resolution with conflict detection 11 11 + //! - **Cryptographic Key Operations**: P-256, P-384, and K-256 key generation, signing, and validation 12 12 + //! - **DID Document Management**: Parsing, validation, and caching of DID documents 13 13 + //! - **Storage Abstraction**: Pluggable storage with LRU cache implementation 14 14 + //! - **Configuration Management**: Environment-based configuration with validation 15 15 + //! - **Error Handling**: Structured error types with descriptive messages 2 16 //! 3 3 - //! Provides binaries: 4 4 - //! - `atproto-identity-resolve`: Resolve handles and DIDs to identity documents 5 5 - //! - `atproto-identity-key`: Generate and manage cryptographic keys 6 6 - //! - `atproto-identity-sign`: Sign data with private keys 7 7 - //! - `atproto-identity-validate`: Validate handles and DIDs 17 17 + //! ## Architecture 18 18 + //! 19 19 + //! The library is organized into focused modules that can be used independently or together: 20 20 + //! 21 21 + //! - **`resolve`**: Core identity resolution logic for handles and DIDs 22 22 + //! - **`plc`**: PLC directory client for `did:plc` resolution 23 23 + //! - **`web`**: Web DID client for `did:web` resolution and URL conversion 24 24 + //! - **`key`**: Cryptographic operations including signature validation and key identification 25 25 + //! - **`model`**: Data structures for DID documents and AT Protocol entities 26 26 + //! - **`validation`**: Input validation for handles and DIDs 27 27 + //! - **`storage`**: Storage abstraction for DID document caching 28 28 + //! - **`config`**: Configuration management and environment variable handling 29 29 + //! 30 30 + //! ## Command-Line Tools 31 31 + //! 32 32 + //! When built with the `clap` feature, provides comprehensive CLI tools: 33 33 + //! 34 34 + //! - **`atproto-identity-resolve`**: Resolve AT Protocol handles and DIDs to canonical identifiers 35 35 + //! - **`atproto-identity-key`**: Generate and manage cryptographic keys (P-256, P-384, K-256) 36 36 + //! - **`atproto-identity-sign`**: Create cryptographic signatures of JSON data 37 37 + //! - **`atproto-identity-validate`**: Validate cryptographic signatures 8 38 9 39 #![forbid(unsafe_code)] 10 40 #![warn(missing_docs)]

+25 -3

crates/atproto-jetstream/src/lib.rs

··· 1 1 - //! WebSocket-based event stream consumer for AT Protocol Jetstream with Zstandard compression. 1 1 + //! # AT Protocol Jetstream Consumer Library 2 2 //! 3 3 - //! Provides binary: 4 4 - //! - `atproto-jetstream-consumer`: Consume and log Jetstream events from AT Protocol relays 3 3 + //! Real-time WebSocket consumer library for AT Protocol Jetstream events with high-performance 4 4 + //! streaming and compression support. Enables applications to receive live AT Protocol events 5 5 + //! such as posts, likes, follows, and other repository changes. 6 6 + //! 7 7 + //! ## Key Features 8 8 + //! 9 9 + //! - **WebSocket Streaming**: Real-time event consumption via WebSocket connections 10 10 + //! - **Zstandard Compression**: Built-in support for Zstandard (zstd) compressed event streams 11 11 + //! - **Background Processing**: Asynchronous event processing with configurable concurrency 12 12 + //! - **Resilient Connections**: Automatic reconnection handling for production reliability 13 13 + //! - **Event Filtering**: Configurable filtering for specific event types and collections 14 14 + //! - **Performance Optimized**: Low-latency event processing with minimal overhead 15 15 + //! 16 16 + //! ## Architecture 17 17 + //! 18 18 + //! The library provides a high-level consumer interface with customizable event handlers: 19 19 + //! 20 20 + //! - **`consumer`**: Core WebSocket consumer with event handling and connection management 21 21 + //! 22 22 + //! ## Command-Line Tools 23 23 + //! 24 24 + //! When built with the `clap` feature, provides Jetstream consumer tools: 25 25 + //! 26 26 + //! - **`atproto-jetstream-consumer`**: Connect to AT Protocol Jetstream and consume real-time events with Zstandard compression 5 27 6 28 #![forbid(unsafe_code)] 7 29 #![warn(missing_docs)]

+10 -10

crates/atproto-oauth-aip/src/errors.rs

··· 6 6 //! 7 7 //! ## Error Categories 8 8 //! 9 9 - //! - **`OAuthWorkflowError`** (1 to 8): OAuth workflow operations including PAR, token exchange, and session management 9 9 + //! - **`OAuthWorkflowError`** (workflow-1 to workflow-8): OAuth workflow operations including PAR, token exchange, and session management 10 10 //! 11 11 //! ## Error Format 12 12 //! 13 13 - //! All errors use the standardized format: `error-atproto-oauth-aip-{number} {message}: {details}` 13 13 + //! All errors use the standardized format: `error-atproto-oauth-aip-{domain}-{number} {message}: {details}` 14 14 15 15 use thiserror::Error; 16 16 ··· 22 22 #[derive(Debug, Error)] 23 23 pub enum OAuthWorkflowError { 24 24 /// Failed to send PAR HTTP request. 25 25 - #[error("error-atproto-oauth-aip-1 PAR HTTP request failed: {0}")] 25 25 + #[error("error-atproto-oauth-aip-workflow-1 PAR HTTP request failed: {0}")] 26 26 ParRequestFailed(#[source] reqwest::Error), 27 27 28 28 /// Failed to parse PAR response JSON. 29 29 - #[error("error-atproto-oauth-aip-2 PAR HTTP request parse failed: {0}")] 29 29 + #[error("error-atproto-oauth-aip-workflow-2 PAR HTTP request parse failed: {0}")] 30 30 ParResponseParseFailed(#[source] reqwest::Error), 31 31 32 32 /// PAR response contained an error. 33 33 - #[error("error-atproto-oauth-aip-3 PAR HTTP response invalid: {message}")] 33 33 + #[error("error-atproto-oauth-aip-workflow-3 PAR HTTP response invalid: {message}")] 34 34 ParResponseInvalid { 35 35 /// Error message from the PAR response. 36 36 message: String, 37 37 }, 38 38 39 39 /// Failed to send token exchange HTTP request. 40 40 - #[error("error-atproto-oauth-aip-4 Token request failed: {0}")] 40 40 + #[error("error-atproto-oauth-aip-workflow-4 Token request failed: {0}")] 41 41 TokenRequestFailed(#[source] reqwest::Error), 42 42 43 43 /// Failed to parse token response JSON. 44 44 - #[error("error-atproto-oauth-aip-5 Token response json parsing failed: {0}")] 44 44 + #[error("error-atproto-oauth-aip-workflow-5 Token response json parsing failed: {0}")] 45 45 TokenResponseParseFailed(#[source] reqwest::Error), 46 46 47 47 /// Failed to send session exchange HTTP request. 48 48 - #[error("error-atproto-oauth-aip-6 Session request failed: {0}")] 48 48 + #[error("error-atproto-oauth-aip-workflow-6 Session request failed: {0}")] 49 49 SessionRequestFailed(#[source] reqwest::Error), 50 50 51 51 /// Failed to parse session response JSON. 52 52 - #[error("error-atproto-oauth-aip-7 Session json parsing failed: {0}")] 52 52 + #[error("error-atproto-oauth-aip-workflow-7 Session json parsing failed: {0}")] 53 53 SessionResponseParseFailed(#[source] reqwest::Error), 54 54 55 55 /// Session response contained an error. 56 56 - #[error("error-atproto-oauth-aip-8 Session response invalid: {message}")] 56 56 + #[error("error-atproto-oauth-aip-workflow-8 Session response invalid: {message}")] 57 57 SessionResponseInvalid { 58 58 /// Error message from the session response. 59 59 message: String,

+6 -6

crates/atproto-oauth-aip/src/lib.rs

··· 23 23 //! use atproto_oauth_aip::workflow::{oauth_init, oauth_complete, session_exchange, OAuthClient}; 24 24 //! use atproto_oauth::resources::AuthorizationServer; 25 25 //! use atproto_oauth::workflow::OAuthRequestState; 26 26 - //! 26 26 + //! 27 27 //! let http_client = reqwest::Client::new(); 28 28 //! let oauth_client = OAuthClient { 29 29 //! redirect_uri: "https://redirect.example.com/callback".to_string(), 30 30 //! client_id: "client123".to_string(), 31 31 //! client_secret: "secret456".to_string(), 32 32 //! }; 33 33 - //! 33 33 + //! 34 34 //! let authorization_server = AuthorizationServer { 35 35 //! issuer: "https://auth.example.com".to_string(), 36 36 //! authorization_endpoint: "https://auth.example.com/authorize".to_string(), ··· 49 49 //! dpop_signing_alg_values_supported: vec!["ES256".to_string()], 50 50 //! client_id_metadata_document_supported: true, 51 51 //! }; 52 52 - //! 52 52 + //! 53 53 //! let oauth_request_state = OAuthRequestState { 54 54 //! state: "random-state".to_string(), 55 55 //! nonce: "random-nonce".to_string(), 56 56 //! code_challenge: "code-challenge".to_string(), 57 57 //! scope: "atproto transition:generic".to_string(), 58 58 //! }; 59 59 - //! 59 59 + //! 60 60 //! // Initialize OAuth flow with PAR 61 61 //! let par_response = oauth_init( 62 62 //! &http_client, ··· 65 65 //! &authorization_server, 66 66 //! &oauth_request_state 67 67 //! ).await?; 68 68 - //! 68 68 + //! 69 69 //! // Complete OAuth flow with authorization code 70 70 //! # let oauth_request = atproto_oauth::workflow::OAuthRequest { 71 71 //! # oauth_state: "state".to_string(), ··· 85 85 //! "authorization_code", 86 86 //! &oauth_request 87 87 //! ).await?; 88 88 - //! 88 88 + //! 89 89 //! // Exchange tokens for AT Protocol session 90 90 //! # let protected_resource = atproto_oauth::resources::OAuthProtectedResource { 91 91 //! # resource: "https://pds.example.com".to_string(),

+30 -3

crates/atproto-oauth-axum/src/lib.rs

··· 1 1 - //! Axum web handlers for AT Protocol OAuth 2.0 client endpoints with DPoP support. 1 1 + //! # AT Protocol OAuth Axum Integration Library 2 2 + //! 3 3 + //! Axum web framework integration for AT Protocol OAuth workflows with comprehensive 4 4 + //! handler implementations for OAuth endpoints. Provides production-ready web handlers 5 5 + //! for OAuth authorization, callback processing, and JWKS endpoint management. 6 6 + //! 7 7 + //! ## Key Features 8 8 + //! 9 9 + //! - **Axum Integration**: Native Axum web framework handlers for OAuth endpoints 10 10 + //! - **OAuth Workflow Handlers**: Complete OAuth authorization and callback processing 11 11 + //! - **JWKS Endpoint**: JSON Web Key Set endpoint for public key distribution 12 12 + //! - **Metadata Endpoints**: OAuth authorization server metadata endpoint implementation 13 13 + //! - **State Management**: Secure OAuth state and request management with storage abstraction 14 14 + //! - **Error Handling**: Comprehensive error handling with proper HTTP status codes 15 15 + //! 16 16 + //! ## Architecture 17 17 + //! 18 18 + //! The library provides Axum-compatible handlers and state management: 2 19 //! 3 3 - //! Provides binary: 4 4 - //! - `atproto-oauth-tool`: OAuth client for login and token refresh operations 20 20 + //! - **`handle_init`**: OAuth authorization initiation handler 21 21 + //! - **`handle_complete`**: OAuth callback and completion handler 22 22 + //! - **`handle_jwks`**: JWKS (JSON Web Key Set) endpoint handler 23 23 + //! - **`handler_metadata`**: OAuth authorization server metadata handler 24 24 + //! - **`state`**: Shared application state management for OAuth operations 25 25 + //! - **`errors`**: Specialized error types for web handler operations 26 26 + //! 27 27 + //! ## Command-Line Tools 28 28 + //! 29 29 + //! When built with the `clap` feature, provides OAuth management tools: 30 30 + //! 31 31 + //! - **`atproto-oauth-tool`**: Command-line OAuth login, token management, and workflow testing 5 32 6 33 #![forbid(unsafe_code)] 7 34 #![warn(missing_docs)]

-7

crates/atproto-oauth/README.md

··· 16 16 - **Request storage**: LRU cache-based OAuth request storage 17 17 - **Structured errors**: Comprehensive error handling with detailed error codes 18 18 19 19 - ## Binaries 20 20 - 21 21 - All CLI tools require the `clap` feature and are provided via the atproto-oauth-axum crate: 22 22 - 23 23 - - **atproto-oauth-tool**: OAuth authentication workflow management 24 24 - 25 25 - 26 19 ## Usage 27 20 28 21 ### JWT Operations

+1 -3

crates/atproto-xrpcs/README.md

··· 6 6 7 7 `atproto-xrpcs` provides foundational components for building AT Protocol XRPC services. This library offers JWT-based authorization extractors that integrate with Axum web handlers, enabling secure XRPC endpoints with automatic DID document verification. 8 8 9 9 - ## Binaries 10 10 - 11 11 - - **atproto-xrpcs-helloworld**: Complete example XRPC service with DID:web functionality (via atproto-xrpcs-helloworld crate) 9 9 + This is a library-only crate that provides reusable components for XRPC service development. For a complete example service implementation, see the `atproto-xrpcs-helloworld` crate. 12 10 13 11 ## Features 14 12

+26 -3

crates/atproto-xrpcs/src/lib.rs

··· 1 1 - //! XRPC service components for AT Protocol with JWT authorization and DID verification. 1 1 + //! # AT Protocol XRPC Service Framework 2 2 + //! 3 3 + //! Service framework for building AT Protocol XRPC applications with built-in JWT authorization, 4 4 + //! DID resolution, and identity verification. Provides the foundational components needed to 5 5 + //! create production AT Protocol services and applications. 6 6 + //! 7 7 + //! ## Key Features 8 8 + //! 9 9 + //! - **JWT Authorization**: Comprehensive JWT token validation with DID-based issuer verification 10 10 + //! - **XRPC Protocol Support**: Native implementation of AT Protocol's XRPC communication standard 11 11 + //! - **DID Resolution Integration**: Automatic DID document resolution and key verification 12 12 + //! - **Identity Verification**: Cryptographic verification of JWT signatures using DID documents 13 13 + //! - **Authorization Middleware**: Reusable authorization components for Axum and other frameworks 14 14 + //! - **Error Handling**: Structured error types for authorization and service operations 15 15 + //! 16 16 + //! ## Architecture 17 17 + //! 18 18 + //! The framework provides modular components for building XRPC services: 2 19 //! 3 3 - //! Provides binaries: 4 4 - //! - `atproto-xrpcs-helloworld`: Complete example XRPC service with DID:web functionality (via atproto-xrpcs-helloworld crate) 20 20 + //! - **`authorization`**: JWT validation and DID-based authorization middleware 21 21 + //! - **`errors`**: Specialized error types for authorization and XRPC operations 22 22 + //! 23 23 + //! ## Example Applications 24 24 + //! 25 25 + //! Complete example services demonstrating framework usage: 26 26 + //! 27 27 + //! - **`atproto-xrpcs-helloworld`**: Complete example XRPC service with DID:web functionality and authorization 5 28 6 29 #![forbid(unsafe_code)] 7 30 #![warn(missing_docs)]