Monorepo for Tangled tangled.org

oauth: add granular scope request for atproto records & everything tangled-related #1014

merged opened by lewis.moe targeting master from lewis.moe/tangled-core: fix-oauth-scopes
Participants 2
AT URI
at://did:plc:3fwecdnvtcscjnrx2p4n7alz/sh.tangled.repo.pull/3mczoufpgjz22
+43 -2
Diff #0
+2 -2
appview/oauth/oauth.go
··· 41 if config.Core.Dev { 42 clientUri = "http://127.0.0.1:3000" 43 callbackUri := clientUri + "/oauth/callback" 44 - oauthConfig = oauth.NewLocalhostConfig(callbackUri, []string{"atproto", "transition:generic"}) 45 } else { 46 clientUri = config.Core.AppviewHost 47 clientId := fmt.Sprintf("%s/oauth/client-metadata.json", clientUri) 48 callbackUri := clientUri + "/oauth/callback" 49 - oauthConfig = oauth.NewPublicConfig(clientId, callbackUri, []string{"atproto", "transition:generic"}) 50 } 51 52 // configure client secret
··· 41 if config.Core.Dev { 42 clientUri = "http://127.0.0.1:3000" 43 callbackUri := clientUri + "/oauth/callback" 44 + oauthConfig = oauth.NewLocalhostConfig(callbackUri, TangledScopes) 45 } else { 46 clientUri = config.Core.AppviewHost 47 clientId := fmt.Sprintf("%s/oauth/client-metadata.json", clientUri) 48 callbackUri := clientUri + "/oauth/callback" 49 + oauthConfig = oauth.NewPublicConfig(clientId, callbackUri, TangledScopes) 50 } 51 52 // configure client secret
+41
appview/oauth/scopes.go
···
··· 1 + package oauth 2 + 3 + var TangledScopes = []string{ 4 + "atproto", 5 + 6 + "repo:sh.tangled.publicKey", 7 + "repo:sh.tangled.repo", 8 + "repo:sh.tangled.repo.pull", 9 + "repo:sh.tangled.repo.pull.comment", 10 + "repo:sh.tangled.repo.artifact", 11 + "repo:sh.tangled.repo.issue", 12 + "repo:sh.tangled.repo.issue.comment", 13 + "repo:sh.tangled.repo.collaborator", 14 + "repo:sh.tangled.knot", 15 + "repo:sh.tangled.knot.member", 16 + "repo:sh.tangled.spindle", 17 + "repo:sh.tangled.spindle.member", 18 + "repo:sh.tangled.graph.follow", 19 + "repo:sh.tangled.feed.star", 20 + "repo:sh.tangled.feed.reaction", 21 + "repo:sh.tangled.label.definition", 22 + "repo:sh.tangled.label.op", 23 + "repo:sh.tangled.string", 24 + "repo:sh.tangled.actor.profile", 25 + 26 + "blob", 27 + 28 + "rpc:sh.tangled.repo.create?aud=*", 29 + "rpc:sh.tangled.repo.delete?aud=*", 30 + "rpc:sh.tangled.repo.merge?aud=*", 31 + "rpc:sh.tangled.repo.hiddenRef?aud=*", 32 + "rpc:sh.tangled.repo.deleteBranch?aud=*", 33 + "rpc:sh.tangled.repo.setDefaultBranch?aud=*", 34 + "rpc:sh.tangled.repo.forkSync?aud=*", 35 + "rpc:sh.tangled.repo.forkStatus?aud=*", 36 + "rpc:sh.tangled.repo.mergeCheck?aud=*", 37 + "rpc:sh.tangled.pipeline.cancelPipeline?aud=*", 38 + "rpc:sh.tangled.repo.addSecret?aud=*", 39 + "rpc:sh.tangled.repo.removeSecret?aud=*", 40 + "rpc:sh.tangled.repo.listSecrets?aud=*", 41 + }
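Review bot: in appview/oauth/oauth.go, both the NewLocalhostConfig and the NewPublicConfig call drop "transition:generic" in the same change, so any record collection or XRPC method the appview uses that is missing from TangledScopes has no broader scope left to fall back on. Add a test, or at least a checklist in the commit message, that compares TangledScopes against the collections the appview writes and the methods it calls, so a missing entry is caught before users hit an authorization failure.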
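Review bot: in appview/oauth/scopes.go, every rpc: entry is requested with aud=*, including sh.tangled.repo.addSecret, sh.tangled.repo.removeSecret and sh.tangled.repo.listSecrets, so the grant for secret management is not limited to a named service. If the audience cannot be known when the authorization request is built, say so in a comment above the rpc block; if it can, request the narrower audience for at least those three methods. The bare "blob" entry likewise carries no restriction in these lines and deserves a comment on which uploads need it. TangledScopes is also an exported, mutable package-level slice with no doc comment: any importer can append to or reorder it, so consider a doc comment stating that the list must track the lexicons, and either an unexported variable or a function that returns a copy.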

History

2 rounds 3 comments
1 commit
oauth: add granular scope request for atproto records & everything tangled-related

very nice work! we use a fork of indigo that exposes NSID consts:

import "tangled.org/core/api/tangled"

fmt.Println(tangled.ActorProfileNSID)

Would it make sense to use these consts in the scope-strings? happy with the existing patch as-is too, if not.

Using consts might end up looking like:

"repo:" + tangled.ActorProfileNSID,
"rpc:" + tangled.RepoCreateNSID + "?aud=*",

we'd kinda lose the readability of plain strings without gaining compile-time safety, and when an nsid changes, we'd have to update both the lexicon and this scope list anyway

pull request successfully merged
lewis.moe submitted #0