docs: update oauth client metadata path references (#328)

authored by zzstoatzz.io and committed by GitHub 66505c5b 5359ba93

Changed files
+11 -12
+1 -1
backend/fly.toml
··· 38 # - DATABASE_URL 39 # - AWS_ACCESS_KEY_ID 40 # - AWS_SECRET_ACCESS_KEY 41 - # - ATPROTO_CLIENT_ID (will be https://api.plyr.fm/client-metadata.json after deployment) 42 # - ATPROTO_REDIRECT_URI (will be https://api.plyr.fm/auth/callback after deployment) 43 # - OAUTH_ENCRYPTION_KEY (44-character base64 Fernet key, generate with: python -c 'from cryptography.fernet import Fernet; print(Fernet.generate_key().decode())')
··· 38 # - DATABASE_URL 39 # - AWS_ACCESS_KEY_ID 40 # - AWS_SECRET_ACCESS_KEY 41 + # - ATPROTO_CLIENT_ID (will be https://api.plyr.fm/oauth-client-metadata.json after deployment) 42 # - ATPROTO_REDIRECT_URI (will be https://api.plyr.fm/auth/callback after deployment) 43 # - OAUTH_ENCRYPTION_KEY (44-character base64 Fernet key, generate with: python -c 'from cryptography.fernet import Fernet; print(Fernet.generate_key().decode())')
+5 -5
docs/backend/atproto-identity.md
··· 29 ### how it works 30 31 1. **client ID is a URL**: your `ATPROTO_CLIENT_ID` must be a publicly accessible HTTPS URL that serves client metadata JSON 32 - 2. **backend serves metadata**: plyr.fm serves this at `/client-metadata.json` on the API domain 33 3. **automatic discovery**: when users authenticate, their PDS fetches the client metadata from your client ID URL 34 35 ### configuration per environment 36 37 **production**: 38 - - `ATPROTO_CLIENT_ID=https://api.plyr.fm/client-metadata.json` 39 - `ATPROTO_REDIRECT_URI=https://api.plyr.fm/auth/callback` 40 41 **staging**: 42 - - `ATPROTO_CLIENT_ID=https://api-stg.plyr.fm/client-metadata.json` 43 - `ATPROTO_REDIRECT_URI=https://api-stg.plyr.fm/auth/callback` 44 45 **local development**: 46 - - `ATPROTO_CLIENT_ID=http://localhost:8001/client-metadata.json` 47 - `ATPROTO_REDIRECT_URI=http://localhost:8001/auth/callback` 48 49 ### important notes ··· 58 check that your client metadata is accessible: 59 60 ```bash 61 - curl https://api.plyr.fm/client-metadata.json 62 ``` 63 64 should return JSON with your OAuth configuration including redirect URIs and scopes.
··· 29 ### how it works 30 31 1. **client ID is a URL**: your `ATPROTO_CLIENT_ID` must be a publicly accessible HTTPS URL that serves client metadata JSON 32 + 2. **backend serves metadata**: plyr.fm serves this at `/oauth-client-metadata.json` on the API domain 33 3. **automatic discovery**: when users authenticate, their PDS fetches the client metadata from your client ID URL 34 35 ### configuration per environment 36 37 **production**: 38 + - `ATPROTO_CLIENT_ID=https://api.plyr.fm/oauth-client-metadata.json` 39 - `ATPROTO_REDIRECT_URI=https://api.plyr.fm/auth/callback` 40 41 **staging**: 42 + - `ATPROTO_CLIENT_ID=https://api-stg.plyr.fm/oauth-client-metadata.json` 43 - `ATPROTO_REDIRECT_URI=https://api-stg.plyr.fm/auth/callback` 44 45 **local development**: 46 + - `ATPROTO_CLIENT_ID=http://localhost:8001/oauth-client-metadata.json` 47 - `ATPROTO_REDIRECT_URI=http://localhost:8001/auth/callback` 48 49 ### important notes ··· 58 check that your client metadata is accessible: 59 60 ```bash 61 + curl https://api.plyr.fm/oauth-client-metadata.json 62 ``` 63 64 should return JSON with your OAuth configuration including redirect URIs and scopes.
+1 -1
docs/backend/configuration.md
··· 70 DATABASE_URL=postgresql+psycopg://user:pass@host/db 71 72 # oauth (uses client metadata discovery - no registration required) 73 - ATPROTO_CLIENT_ID=https://your-domain.com/client-metadata.json 74 ATPROTO_CLIENT_SECRET=<optional-client-secret> 75 ATPROTO_REDIRECT_URI=https://your-domain.com/auth/callback 76 OAUTH_ENCRYPTION_KEY=<base64-encoded-32-byte-key>
··· 70 DATABASE_URL=postgresql+psycopg://user:pass@host/db 71 72 # oauth (uses client metadata discovery - no registration required) 73 + ATPROTO_CLIENT_ID=https://your-domain.com/oauth-client-metadata.json 74 ATPROTO_CLIENT_SECRET=<optional-client-secret> 75 ATPROTO_REDIRECT_URI=https://your-domain.com/auth/callback 76 OAUTH_ENCRYPTION_KEY=<base64-encoded-32-byte-key>
+2 -3
docs/deployment/environments.md
··· 116 - staging: `fm.plyr.stg` 117 - production: `fm.plyr` 118 - `ATPROTO_CLIENT_ID`, `ATPROTO_REDIRECT_URI` → oauth config (env-specific, must use custom domains for cookie-based auth) 119 - - production: `https://api.plyr.fm/client-metadata.json` and `https://api.plyr.fm/auth/callback` 120 - - staging: `https://api-stg.plyr.fm/client-metadata.json` and `https://api-stg.plyr.fm/auth/callback` 121 - - `OAUTH_ENCRYPTION_KEY` → unique per environment 122 - `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY` → r2 credentials 123 - `LOGFIRE_WRITE_TOKEN`, `LOGFIRE_ENVIRONMENT` → observability config 124
··· 116 - staging: `fm.plyr.stg` 117 - production: `fm.plyr` 118 - `ATPROTO_CLIENT_ID`, `ATPROTO_REDIRECT_URI` → oauth config (env-specific, must use custom domains for cookie-based auth) 119 + - production: `https://api.plyr.fm/oauth-client-metadata.json` and `https://api.plyr.fm/auth/callback` 120 + - staging: `https://api-stg.plyr.fm/oauth-client-metadata.json` and `https://api-stg.plyr.fm/auth/callback`- `OAUTH_ENCRYPTION_KEY` → unique per environment 121 - `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY` → r2 credentials 122 - `LOGFIRE_WRITE_TOKEN`, `LOGFIRE_ENVIRONMENT` → observability config 123
+2 -2
docs/local-development/setup.md
··· 45 # DATABASE_URL=<neon-dev-connection-string> # neon dev 46 47 # oauth (uses client metadata discovery - no registration required) 48 - ATPROTO_CLIENT_ID=http://localhost:8001/client-metadata.json 49 ATPROTO_CLIENT_SECRET=<your-client-secret> 50 ATPROTO_REDIRECT_URI=http://localhost:5173/auth/callback 51 OAUTH_ENCRYPTION_KEY=<base64-encoded-32-byte-key> ··· 304 # should be: http://localhost:5173/auth/callback 305 306 # check ATPROTO_CLIENT_ID is accessible (should return client metadata JSON) 307 - curl http://localhost:8001/client-metadata.json 308 ``` 309 310 ### r2 upload failures
··· 45 # DATABASE_URL=<neon-dev-connection-string> # neon dev 46 47 # oauth (uses client metadata discovery - no registration required) 48 + ATPROTO_CLIENT_ID=http://localhost:8001/oauth-client-metadata.json 49 ATPROTO_CLIENT_SECRET=<your-client-secret> 50 ATPROTO_REDIRECT_URI=http://localhost:5173/auth/callback 51 OAUTH_ENCRYPTION_KEY=<base64-encoded-32-byte-key> ··· 304 # should be: http://localhost:5173/auth/callback 305 306 # check ATPROTO_CLIENT_ID is accessible (should return client metadata JSON) 307 + curl http://localhost:8001/oauth-client-metadata.json 308 ``` 309 310 ### r2 upload failures
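Review bot: in docs/deployment/environments.md, new line 120 fuses the staging bullet with the `OAUTH_ENCRYPTION_KEY` bullet (the text reads "api-stg.plyr.fm/auth/callback`- `OAUTH_ENCRYPTION_KEY` → unique per environment" on one line), so the separate list item removed at old line 121 is gone. That is why this file shows +2 -3 for what should be a two-line path rename. Restore the line break so the `OAUTH_ENCRYPTION_KEY` entry is its own bullet again.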
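Review bot: in docs/backend/atproto-identity.md, the local development value at line 46, `ATPROTO_CLIENT_ID=http://localhost:8001/oauth-client-metadata.json`, contradicts item 1 at line 31, which says the client ID must be a publicly accessible HTTPS URL, and item 3, which has the user's PDS fetching the metadata from that URL. Since this change already touches line 46, either qualify item 1 so it applies to production and staging, or add a sentence under local development explaining how the flow is expected to work with a plain-HTTP localhost client ID.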
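Review bot: docs/local-development/setup.md line 50 keeps `ATPROTO_REDIRECT_URI=http://localhost:5173/auth/callback`, while docs/backend/atproto-identity.md line 47 in this same patch lists `http://localhost:8001/auth/callback` for local development. The purpose of the change is to bring the OAuth values in these docs into agreement, so pick one local callback URL and use it in both files; the troubleshooting comment at setup.md line 304 ("should be: http://localhost:5173/auth/callback") has to match whichever is chosen. A redirect URI that differs from the one the client registers is a common cause of failed callbacks, so the mismatch is worth fixing here rather than in a follow-up.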