atproto

lamp/atproto

Fork 0

Commit Graph

Author	SHA1	Message	Date
Matthieu Sieben	1899b1fc16	OAuth scopes (#3806 ) * style: prefix `id` and `uri` with `request` where applicable * Dynamically validate OAuth scopes * Allow configuring trusted OAuth clients * Improve client validation * Rework authorization to work with permissions * Review changes * fix permissions * tidy * Drop authorization result * unused code cleanup * fix preferences auth * remove redundant check in `applyWrites` * style * Remove need to specify "scopes" in authorized auth strategy * fixup! Remove need to specify "scopes" in authorized auth strategy * split authorized and oauth auth methods * Require explicit opt-in for takendown * fix tests * rollback redundant permissions mechanism * tidy * Fix tests * tidy * tidy * pr changes * remove hack allowing access to full preferences * always specify authorize method * Add OAuth scope parsing & matching * tidy * add support for oauth scopes in client * review changes * Small xrpc-server optimizations * pr comments * Review comments * refactor: move oauth scopes parser & checker in own package * code simplification * Allow multiple collections in `repo` scopes. Allow wildcard action in `repo` scopes. Require action in `repo` scopes. * Rename `emailUpdate` to `email-update` in `account` scope params. Add wildcard (``) in `account` and `identity` scopes. tidy * add oauth-scopes package to PDS Dockerfile * unit tests * Syntax rework * adapt to latest scope definition * Add missing tests * Render scopes in UI * fix build * fixes and tests * improve ui * tidy * tidy * ui improvements * tidy * fr messages * tidy * improve consent screen ui * fix test * tidy * improve dx * Remove `transition:` scopes from `scopes_supported` authorization server metadata * Hide blob scope if no repo scope present * changeset * Remove the `action` param from the `identity` scope * fix html syntax * simplified wording * Make `account:email` scope optional (#4089) * Make `account:email` scope optional * tidy * tidy * tidy * tidy * fix * tidy * review comments * tidy * refactor: remove redundant tests for identity scope parsing and matching * minor ui fixes * fix "back" label not translated * ui improvements * fix tests	2025-08-12 13:13:14 +02:00

Author

SHA1

Message

Date

Matthieu Sieben

1899b1fc16

OAuth scopes (#3806 )

* style: prefix `id` and `uri` with `request` where applicable

* Dynamically validate OAuth scopes

* Allow configuring trusted OAuth clients

* Improve client validation

* Rework authorization to work with permissions

* Review changes

* fix permissions

* tidy

* Drop authorization result

* unused code cleanup

* fix preferences auth

* remove redundant check in `applyWrites`

* style

* Remove need to specify "scopes" in authorized auth strategy

* fixup! Remove need to specify "scopes" in authorized auth strategy

* split authorized and oauth auth methods

* Require explicit opt-in for takendown

* fix tests

* rollback redundant permissions mechanism

* tidy

* Fix tests

* tidy

* tidy

* pr changes

* remove hack allowing access to full preferences

* always specify authorize method

* Add OAuth scope parsing & matching

* tidy

* add support for oauth scopes in client

* review changes

* Small xrpc-server optimizations

* pr comments

* Review comments

* refactor: move oauth scopes parser & checker in own package

* code simplification

* Allow multiple collections in `repo` scopes.
Allow wildcard action in `repo` scopes.
Require action in `repo` scopes.

* Rename `emailUpdate` to `email-update` in `account` scope params.
Add wildcard (`*`) in `account` and `identity` scopes.

* tidy

* add oauth-scopes package to PDS Dockerfile

* unit tests

* Syntax rework

* adapt to latest scope definition

* Add missing tests

* Render scopes in UI

* fix build

* fixes and tests

* improve ui

* tidy

* tidy

* ui improvements

* tidy

* fr messages

* tidy

* improve consent screen ui

* fix test

* tidy

* improve dx

* Remove `transition:` scopes from `scopes_supported` authorization server metadata

* Hide blob scope if no repo scope present

* changeset

* Remove the `action` param from the `identity` scope

* fix html syntax

* simplified wording

* Make `account:email` scope optional (#4089)

* Make `account:email` scope optional

* tidy

* tidy

* tidy

* tidy

* fix

* tidy

* review comments

* tidy

* refactor: remove redundant tests for identity scope parsing and matching

* minor ui fixes

* fix "back" label not translated

* ui improvements

* fix tests

2025-08-12 13:13:14 +02:00

1 Commits