Hey devs, this is an exciting one! Just put up an early proposal for OAuth scopes in the atproto network. Eager to hear thoughts github.com/bluesky-soci... - ThreadSky

dholms.xyz • 68 days ago

Hey devs, this is an exciting one!

Just put up an early proposal for OAuth scopes in the atproto network. Eager to hear thoughts

https://github.com/bluesky-social/atproto/discussions/3655

Comments

dholms.xyz•68 days ago

This is a little bit less backed than some of our other proposals, but we really wanted to get our thoughts out ahead of Atmosphere Conf so that we could have some of these discussions in person.

Whether you're going to the conference or not, would love to hear thoughts!

dholms.xyz•68 days ago

rip *baked

dholms.xyz•68 days ago

Auth scopes has been a surprisingly hairy one

Basically OAuth in atproto is already hard because it's n-n Authorization Servers & clients. Auth scopes add another party into the mix: the Application designer who is defining authorization semantics. n-to-n-to-n!

mackuba.eu•68 days ago

Now ATProto scales cubically 🧊

knowtheory.net•68 days ago

The N-CUBE comes for us all!

alt.psingletary.com•68 days ago

not OAuth
not OIDC
some secret ³ thing

michaelmure.bsky.social•68 days ago

You wouldn't nees those external scope definitions. You also get delegation for free, which enable some cool use cases.
A very different design for sure though, with different tradeoffs.

michaelmure.bsky.social•68 days ago

I found that a regular first leg of OAuth (social login up to getting the identity token) with a token exchange giving a UCAN token (instead of JWT) is a pretty powerful pattern.
Then you can apply the UCAN policies on HTTP parameters (path, arguments...).

jcsalterego.bsky.social•68 days ago

service proxying for feeds is very interesting!

joe.sprk.team•65 days ago

@joaodavisn.com

shi.gg•68 days ago

could I have TL;DR.on if this breaks current oauth implementations

dholms.xyz•68 days ago

it extends it but doesn't break it. ie none of the actual oauth stuff changes, but authorization servers will need to interpret these scopes in order to grant clients access to them

shi.gg•68 days ago

so the current "a scope for everything" will stay, at least for some transition period?

dholms.xyz•68 days ago

yup 👍

sabartsocial.bsky.social•67 days ago

Hi, general question.
Is there any way to update the link preview to external webs? Request that bsky reload the og:image.
Not only because of changes, but also because images that for some reason haven't loaded at the time, even though the meta tag in their code appears to be correct.
Thanks :))

ngerakines.me•68 days ago

Really interested in how service auth and forwarding will look. Great read so far!

timburga.com•68 days ago

mfer wrote "udpate"

Comments

Posting Rules

Reply