bretton.dev
code
Clone this repository
https://tangled.org/bretton.dev/coves
git@knot.bretton.dev:bretton.dev/coves
For self-hosted knots, clone URLs may differ based on your setup.
Without this, OAuth client uses localhost which causes PAR request
to fail with "localhost hostname is not allowed (RFC 8252)".
馃 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Required for sealing session tokens in production.
馃 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Delete internal/atproto/auth/ directory (JWT/DPoP verification - unused)
- Delete cmd/genjwks/ (confidential client key generator - unused)
- Remove ClientSecret/ClientKID from OAuthConfig (public client only)
- Remove HandleJWKS endpoint and routes (not needed for public clients)
- Remove OAUTH_PRIVATE_JWK from docker-compose.prod.yml
- Update tests and integration helpers
Coves is a public OAuth client - this cleanup removes ~1,500 lines of
dead code that was never being used.
馃 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Remove unused OAUTH_CLIENT_ID, OAUTH_REDIRECT_URI, OAUTH_PRIVATE_JWK from .env.prod.example
- Add OAUTH_SEAL_SECRET to .env.dev for local development
- Clarify that OAUTH_SEAL_SECRET is required, client secret/kid are optional
馃 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add OAuth and Universal Links env vars to example
- Update go.mod/go.sum with required dependencies
馃 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Update test helpers for new OAuth flow
- Adapt aggregator, community, post tests
- Update user journey tests
馃 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- E2E tests for OAuth flows
- Session fixation attack prevention tests
- Token verification tests
- Rate limiting tests
- Remove obsolete JWT verification test (merged into new suite)
馃 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Simplify auth middleware implementation
- Update routes to use consistent auth patterns
- Improve test coverage for auth flows
馃 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Register OAuth handlers at /oauth/* endpoints
- Register well-known routes for mobile verification
- Add /app/oauth/callback for Universal Links
馃 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- /.well-known/apple-app-site-association for iOS
- /.well-known/assetlinks.json for Android
- Configurable via APPLE_APP_ID and ANDROID_* env vars
馃 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- OAuth client for atproto authentication flow
- Session store with CSRF protection and secure token sealing
- Mobile-specific handlers with Universal Links redirect
- Database migrations for OAuth sessions and CSRF tokens
馃 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>