bmann.ca
+20
-1
_notes/Beyond Microblogging ATProto.md
+20
-1
_notes/Beyond Microblogging ATProto.md
···Evan asked about how hard or easy it is for developers to make apps, or if there were things that developers needed to learn.<blockquote class="bluesky-embed" data-bluesky-uri="at://did:plc:ics2en32qho7u5vttyvmanvb/app.bsky.feed.post/3lvemq7irgw32" data-bluesky-cid="bafyreiffmzap6l543g5ggvbwfomq7zva4cpo3uyttgq5ljtl2zdgqxqv5y" data-bluesky-embed-color-mode="system"><p lang="en">"Monkey-punching toilets is actually a sign of success." <a href="https://cosocial.ca/@boris">@boris@cosocial.ca</a> #fedicon</p>— Evan Prodromou (<a href="https://bsky.app/profile/did:plc:ics2en32qho7u5vttyvmanvb?ref_src=embed">@evan@cosocial.ca</a>) <a href="https://bsky.app/profile/did:plc:ics2en32qho7u5vttyvmanvb/post/3lvemq7irgw32?ref_src=embed">August 1, 2025 at 2:45 PM</a></blockquote><script async src="https://embed.bsky.app/static/embed.js" charset="utf-8"></script>I explained[^monkeypunching] that there were libraries and SDKs for many programming languages, and that the new version of OAuth used by ATProto was tricky. The main challenge is understanding the network as a distributed system -- "your" Lexicon type can be posted by anyone on the network, not just your app, or the users that sign up with you.My simplest example conceptually is that an ATProto account functions like an Apple account: you have an identity for logging in, and it has storage included, and apps can store data in your account if you give them permission. As a developer, you know every account has storage attached.-Digging a little deeper into how this actually works, your unique identifier in ATProto is a [[DID]], specifically a [[DID PLC]][^didweb]+The simplified answer for how ATProto actually works is that your unique identifier in ATProto is a [[DID]], specifically a [[DID PLC]][^didweb] that is created when you create an account.++_Here's the [DID doc for my @bmann.ca account, via atproto-browser](https://atproto-browser.vercel.app/at/bmann.ca)_+It has an associated DID Doc that lists things like your human readable name aka handle -- e.g. `@yourname.bsky.social`, or my own domain like `@bmann.ca` -- and what server you have delegated hosting to. Bluesky runs a bunch of [[PDS]] that are named after mushrooms, and this account is on `morel.us-east.host.bsky.network`.[^selfhostedpds]+In summary - your identifier is a unique `did:plc`, you have a human-readable domain name pointing at it, and you delegate actual account hosting for app records and file storage to a PDS of your choice.+Any app prompts for your handle, it looks up your PDS, redirects there for you to authenticate via OAuth, and then the app has permission to write records and upload files to your account.+[^selfhostedpds]: My [@bmannconsulting.com](https://bsky.app/profile/bmannconsulting.com) is an account on my self-hosted PDS [[BringYourOwn.Computer]] where I uploaded my Twitter archive to. Looking at the [DID Doc for the account](https://atproto-browser.vercel.app/at/bmannconsulting.com), you can see that `bringyourown.computer` is the service endpoint for atproto_pds.[^didweb]: yes, [[did web]] exists and has use cases, but I'm focusing on the common, widely used case
assets/2025/atproto-browser-did-doc.jpg
assets/2025/atproto-browser-did-doc.jpg
This is a binary file and will not be displayed.