Laravel AT Protocol Client (alpha & unstable)
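<?php

use SocialDept\AtpClient\Enums\ScopeAuthorizationFailure;
use SocialDept\AtpClient\Enums\ScopeEnforcementLevel;

return [
    /*
    |--------------------------------------------------------------------------
    | Client Configuration
    |--------------------------------------------------------------------------
    |
    | OAuth client configuration. The client_id is a URL that serves as the
    | unique identifier for your OAuth client. In production, this must be
    | an HTTPS URL pointing to your publicly accessible client metadata.
    |
    | For local development, use 'http://localhost' (no port) as the client_id.
    | The redirect_uri for localhost must use 127.0.0.1 with a port.
    |
    | @see https://atproto.com/specs/oauth#clients
    |
    */
    'client' => [
        'name' => env('ATP_CLIENT_NAME', config('app.name')),
        'url' => env('ATP_CLIENT_URL', config('app.url')),

        // The client_id is the URL to your client metadata document.
        // For production: 'https://example.com/oauth/client-metadata.json'
        // For localhost: 'http://localhost' (exactly, no port)
        // There is no default: this is null until ATP_CLIENT_ID is set.
        'client_id' => env('ATP_CLIENT_ID'),

        // Redirect URIs for OAuth callback.
        // For localhost development, use 'http://127.0.0.1:<port>/callback'
        // array_filter() drops the entry when ATP_CLIENT_REDIRECT_URI is unset
        // or empty, so the list is then empty rather than [null].
        'redirect_uris' => array_filter([
            env('ATP_CLIENT_REDIRECT_URI'),
        ]),

        // 'transition:generic' is the broad transitional scope of the AT
        // Protocol OAuth profile (see the spec linked above); request less if
        // the application does not need it.
        // NOTE(review): scopes are also set as a string in 'oauth.scope' below;
        // which of the two the package reads is not visible here, so keep them
        // in agreement.
        'scopes' => ['atproto', 'transition:generic'],
    ],

    /*
    |--------------------------------------------------------------------------
    | Credential Provider
    |--------------------------------------------------------------------------
    |
    | The credential provider handles storage and retrieval of OAuth tokens.
    | You can use the provided implementations or create your own.
    |
    | NOTE(review): judging by its name, the default ArrayCredentialProvider
    | looks like an in-memory store - confirm. For production, pick a provider
    | that persists tokens and protects them at rest, since these are bearer
    | credentials for user accounts.
    |
    */
    'credential_provider' => env(
        'ATP_CREDENTIAL_PROVIDER',
        \SocialDept\AtpClient\Providers\ArrayCredentialProvider::class
    ),

    /*
    |--------------------------------------------------------------------------
    | Session Settings
    |--------------------------------------------------------------------------
    |
    | Configure session behavior including token refresh threshold and
    | DPoP key rotation interval.
    |
    | Values supplied through the environment arrive as strings, while the
    | defaults below are integers.
    | NOTE(review): confirm the consumers cast or validate them.
    |
    */
    'session' => [
        // Refresh token if expires within this many seconds
        'refresh_threshold' => env('ATP_REFRESH_THRESHOLD', 300),

        // Rotate DPoP keys after this many seconds
        'dpop_key_rotation' => env('ATP_DPOP_KEY_ROTATION', 86400),
    ],

    /*
    |--------------------------------------------------------------------------
    | OAuth Configuration
    |--------------------------------------------------------------------------
    |
    | OAuth 2.0 settings for AT Protocol authentication. The private key is
    | used for signing client assertions. Generate a key with:
    | php artisan atp-client:generate-key
    |
    | The metadata endpoints are automatically available at:
    | - GET /atp/oauth/client-metadata.json
    | - GET /atp/oauth/jwks.json
    | - GET /.well-known/oauth-client-metadata
    |
    */
    'oauth' => [
        'disabled' => env('ATP_OAUTH_DISABLED', false),
        'prefix' => env('ATP_OAUTH_PREFIX', '/atp/oauth/'),

        // Secret signing key: supply it only through the environment or a
        // secret store and keep it out of version control.
        // NOTE(review): the JWKS route listed above is public - confirm it
        // publishes only the public half of this key.
        'private_key' => env('ATP_OAUTH_PRIVATE_KEY'),
        'kid' => env('ATP_OAUTH_KID', 'atp-client-key'),
        'scope' => env('ATP_OAUTH_SCOPE', 'atproto transition:generic'),

        'client_metadata' => [
            'client_name' => env('ATP_CLIENT_NAME', config('app.name')),
            'client_uri' => env('ATP_CLIENT_URL', config('app.url')),
            'logo_uri' => env('ATP_CLIENT_LOGO_URI'),
            'tos_uri' => env('ATP_CLIENT_TOS_URI'),
            'policy_uri' => env('ATP_CLIENT_POLICY_URI'),
        ],
    ],

    /*
    |--------------------------------------------------------------------------
    | HTTP Settings
    |--------------------------------------------------------------------------
    |
    | Configure HTTP client behavior for XRPC requests.
    |
    | NOTE(review): units are not stated here; presumably 'timeout' is in
    | seconds and 'retry.sleep' in milliseconds - confirm against the client.
    |
    */
    'http' => [
        'timeout' => env('ATP_HTTP_TIMEOUT', 30),
        'retry' => [
            'times' => env('ATP_HTTP_RETRY_TIMES', 3),
            'sleep' => env('ATP_HTTP_RETRY_SLEEP', 100),
        ],
    ],

    /*
    |--------------------------------------------------------------------------
    | Schema Validation
    |--------------------------------------------------------------------------
    |
    | Enable or disable response validation against AT Protocol lexicon schemas.
    | When enabled, responses are validated and ValidationException is thrown
    | if the response doesn't match the expected schema.
    |
    | Disabled by default, so responses from remote servers are not checked
    | against a schema unless ATP_SCHEMA_VALIDATION is turned on; treat
    | response data as untrusted input in that case.
    |
    */
    'schema_validation' => env('ATP_SCHEMA_VALIDATION', false),

    /*
    |--------------------------------------------------------------------------
    | Public API Configuration
    |--------------------------------------------------------------------------
    |
    | Configuration for unauthenticated public API access. The public API
    | allows reading public data without authentication.
    |
    */
    'public' => [
        'service_url' => env('ATP_PUBLIC_SERVICE_URL', 'https://public.api.bsky.app'),
    ],

    /*
    |--------------------------------------------------------------------------
    | Scope Enforcement
    |--------------------------------------------------------------------------
    |
    | Configure how scope requirements are enforced. Options:
    | - 'strict': Throws MissingScopeException if required scopes are missing
    | - 'permissive': Logs a warning but attempts the request anyway
    |
    | The default is 'permissive', and a value that matches no option also
    | resolves to permissive, so a misspelled setting fails open without any
    | error. Set ATP_SCOPE_ENFORCEMENT=strict explicitly where missing scopes
    | must block the request.
    |
    */
    // Case and surrounding whitespace are normalised first, so that a value
    // such as 'Strict' is not silently downgraded to the permissive fallback.
    'scope_enforcement' => ScopeEnforcementLevel::tryFrom(
        strtolower(trim((string) env('ATP_SCOPE_ENFORCEMENT', 'permissive')))
    ) ?? ScopeEnforcementLevel::Permissive,

    /*
    |--------------------------------------------------------------------------
    | Scope Authorization
    |--------------------------------------------------------------------------
    |
    | Configure behavior for the AtpScope facade and atp.scope middleware.
    |
    | failure_action: What happens when a scope check fails
    | - 'abort': Return a 403 HTTP response
    | - 'redirect': Redirect to the configured URL
    | - 'exception': Throw ScopeAuthorizationException
    |
    | redirect_to: URL to redirect to when failure_action is 'redirect'
    |
    | A value that matches no option resolves to 'abort'.
    |
    */
    'scope_authorization' => [
        // Normalised like scope_enforcement, so 'Redirect' or ' abort ' still
        // select the documented action instead of falling back.
        'failure_action' => ScopeAuthorizationFailure::tryFrom(
            strtolower(trim((string) env('ATP_SCOPE_FAILURE_ACTION', 'abort')))
        ) ?? ScopeAuthorizationFailure::Abort,

        'redirect_to' => env('ATP_SCOPE_REDIRECT', '/login'),
    ],

    /*
    |--------------------------------------------------------------------------
    | Generator Settings
    |--------------------------------------------------------------------------
    |
    | Configure paths for the make:atp-client and make:atp-request commands.
    | Paths are relative to the application base path.
    |
    */
    'generators' => [
        'client_path' => 'app/Services/Clients',
        'client_public_path' => 'app/Services/Clients/Public',
        'request_path' => 'app/Services/Clients/Requests',
        'request_public_path' => 'app/Services/Clients/Public/Requests',
    ],
];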