Skip to content

Client post PAR handling#54

Merged
ngerakines merged 1 commit into
mainfrom
ngerakines/par-client-post
Sep 17, 2025
Merged

Client post PAR handling#54
ngerakines merged 1 commit into
mainfrom
ngerakines/par-client-post

Conversation

@ngerakines

Copy link
Copy Markdown
Contributor

This pull request updates the DPoP OAuth example to use published crate versions for ATProtocol dependencies and improves OAuth client authentication handling by including the client secret in relevant flows. It also expands the requested OAuth scopes for broader compatibility and updates the PushedAuthorizationRequest struct and related logic to support the client secret field.

@DGaffney DGaffney self-requested a review September 17, 2025 00:19
@ngerakines ngerakines merged commit 0cea8ba into main Sep 17, 2025
@knowtheory

Copy link
Copy Markdown
Contributor

Wooo! Thanks @ngerakines!

@knowtheory

Copy link
Copy Markdown
Contributor

oop. I'm now getting scope errors from the dpop_website when it attempts client registration:

  2025-09-17T00:53:42.753800Z ERROR dpop_website: Client registration failed: Client registration failed with status: 400 Bad Request - {"error":"invalid_client_metadata","error_description":"error-aip-client-1 Invalid client metadata: Requested scope 'openid email profile atproto account:email repo:* rpc:*' contains unsupported scopes. Supported scopes: openid profile email atproto transition:generic transition:email"}. Server may not be running or may not support dynamic registration.

Updating the scopes in the dpop_website main.rs to the stated supported scopes instead errors out during authorization and returns this as the response:

{"error":"server_error","error_description":"error-aip-oauth-1 Authorization failed: OAuth init failed: PARHttpRequestFailed(Middleware(error-atproto-oauth-dpop-1 Unexpected OAuth error: invalid_request))"}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants