* Improve error message when using invalid client_id during code exchange
* Extract SPA example OAuth client in own package
* wip
* remove dependency on get-port
* Properly configure jest to only transpile "get-port" from node_modules
https://jestjs.io/docs/configuration#transformignorepatterns-arraystring
* Use dynamically assigned port number during tests
* use puppeteer to run tests
* remove login input "id" attribute
* code style
* add missing declaration
* tidy
* headless
* remove get-port dependency
* fix tests/proxied/admin.test.ts
* fix tests
* Allow unsecure oauth providers through configuration
* transpile "lande" during ozone tests
* Cache Puppeteer browser binaries
* Use puppeteer cache during all workflow steps
* remove use of set-output
* use get-port in xrpc-server tests
* Renamed to allowHttp
* tidy
* tidy
* ✨ Initial implementation of sets api on ozone
* ✨ Introduce sortDirection to querySets
* 🧹 Cleanup and refactor
* ✨ Align setView for response
* ♻️ Rename and add specific error
* 🐛 Cleanup unnecessary check that is covered by lexicon
* ✨ Rename remove to delete and add set suffix
* ✨ Use id and createdAt for values pagination
* ✨ Add index on createdAt for query perf and other cleanups
* 🐛 Set createdAt when inserting values
* 📝 Add changeset
* ✨ Add index on setId and createdAt
* ✨ Add getRepos and getRecords endpoints for bulk fetching
* ✨ Fix issues and add tests for get repos and get records
* ✨ Use the right lxm
* 🐛 Revert changes in lockfile
* ✨ Add getAccountInfos in PDS
* 🐛 Fix type def for repo and record view detail
* ✅ Update snapshots
* ✅ Update snapshots
* ✨ Consolidate error type for com.atproto and tools.ozone getRecord error type
* 🧹 Cleanup
* ✅ Update snapshots
* ✅ Update snapshots
* ✨ Changeset
* Reapply "add failing test for pinning someone else's post"
This reverts commit 16a2399e19cd11851ae39edf06cb9fd812c28678.
* make sure pinned post belongs to the person who pinned it
* add snapshot
* Use uriToDid
---------
Co-authored-by: Eric Bailey <git@esb.lol>
* pinned posts lexicon
* codegen
* change lexicon, different approach
* codegen 2
* dataplane db migration
* move pinned post lexicon to right place
* add pinned posts optionally to getAuthorFeed
* remove type modification
* Clarify naming, add viewer state, add tests
* return pinnedPost with profileViewDetailed
* allow pinned replies in `posts_and_author_threads`
* clearer variable naming
* annotate type of `items`
* boolean --> varchar
* reuse authorDid in viewerPinned
* simplify test
* make pinned post not top post in test
* update snapshot
* changeset
---------
Co-authored-by: Eric Bailey <git@esb.lol>
Co-authored-by: dholms <dtholmgren@gmail.com>
* Improve reporting of metadata validation error
* Properly validate client metadata scope
* Allow loopback clients to define their scopes through client_id query parameters
* Require definition of "scope" in client metadata document
* Restrict the value used as code_challenge_methods_supported
* Remove `plain` from `code_challenge_methods_supported`
* Prevent use of empty string in unsupported oidc request parameters
* Centralize parsing of client metadata error
* Enfore code_challenge_method=S256 request parameter
* Improve error description in case of invalid loopback client_id
* Enfore single scope query param in loopback clients
* Disable request params scopes defaulting to client metadata scope
* Centralize loopback client validation logic
* add assertion utils for client ids
* Improve invalid client_id error messages from BrowserOAuthClient.from()
* Use scope from client metadata as default value
* Improve client side validation of client metadata
* Allow fetching of source maps files from browser debugger
* Use the clientId to configure the OAuth client
* Allow native clients to use https: redirect uris
* Explicitely forbid MTLS client auth method
* Improve error feedback in case of invalid client_id domain name
* Remove un-spec'ed restrictions on redirect_uris based on the client_uri
* Do not strip query string from URL after oauth redirect in fragment mode
* Add missing "expires_in" property to OAuthParResponse type definition
* Allow non canonical urls to be used as client ID
* Allow client metadata to contain other return type values than "code"
* Properly validate request_uri request parameter
* Improve parsing and validation of client_id's
* Return "invalid_client" on invalid client credentials
* improved error management & reporting
* performance improvement
* Allow loopback client ids to omit the (empty) path parameter
Co-authored-by: devin ivy <devinivy@gmail.com>
* uppercase email 2FA code
* use same validation logic as social-app
* use same regex for pattern as social-app
* rename check function
* spelling correction
Co-authored-by: surfdude29 <149612116+surfdude29@users.noreply.github.com>
---------
Co-authored-by: surfdude29 <149612116+surfdude29@users.noreply.github.com>
