A better Rust ATProto crate

How to save the session to file in production? #15

closed
opened by netology.tngl.sh
let (session, auth) = MemoryCredentialSession::authenticated(
    handle.clone().into(),
    password.clone().into(),
    None,
)
.await
.map_err(|e| e.to_string())?;

What should be stored in the file: the auth data / AtpSession, and the session data?

pub struct AtpSession {
    pub access_jwt: CowStr<'static>,
    pub refresh_jwt: CowStr<'static>,
    pub did: Did<'static>,
    pub handle: Handle<'static>,
}

How to store and retrieve session?

First of all, I strongly recommend OAuth for production. That is the protocol developers' expressed strong preference, and it will have much more granular permissions than an app password over time, unless you have a clear need for an indefinite-duration session with broad permissions and it's unreasonable to expect a user to occasionally have to click something to refresh it.

atproto OAuth has a reputation, but I promise Jacquard makes it pretty easy. You need a route to call start_auth on an OAuthClient instance backed by your auth store implementation, a route to receive the callback and call the callback function on that OAuthClient (which returns an OAuthSession backed by that auth store), and a place to publish your client metadata. That's it. I've been meaning to write an example of a more production-like OAuth setup, to demonstrate that it really is pretty simple.

Here are the docs for CredentialSession. If you are committed to using an app password session, you want something that implements the SessionStore trait with the key type being (Did<'static>, CowStr<'static>) (the DID and a session identifier, which can be unique or a constant), and AtpSession as the value type. MemorySessionStore (what MemoryCredentialSession uses) is one. FileAuthStore is another. It supports OAuth and app password sessions, implementing both the SessionStore trait that app password sessions use and the ClientAuthStore trait from jacquard-oauth. However, FileAuthStore is not at all suited for production; it is primarily intended to be a rough-and-ready but functional persistent session store for development.

For a production use case, you should implement the required storage trait for your session type (either SessionStore or ClientAuthStore) yourself, backed by your app's database or other storage medium. The traits are quite simple to implement. Jacquard does not currently provide any such implementations, as they are likely to be quite specific to each app's own needs.

But how do I get the session from the SessionStore? session is CredentialSession<MemorySessionStore<(Did<'static>, CowStr<'static>), AtpSession>, JacquardResolver>

If you use the in-memory-only session, you can't persist it to disk. You need to use a CredentialSession with a different S (S there is MemorySessionStore<(Did<'static>, CowStr<'static>), AtpSession>). FYI, there is a bug in the most recent release with FileTokenStore/FileAuthStore, which I recently discovered, so I would suggest using the git version from tangled if you want to create a session backed by that store. Syntax would be CredentialSession::new(FileTokenStore::new(path)) iirc.
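As an added illustration of the maintainer's advice to implement the storage trait yourself, here is a minimal file-backed session store. This is example code written for this page, not Jacquard's own, and the SessionStore trait, SessionKey alias and AtpSession struct below are std-only stand-ins with the key/value shape described above ((DID, session id) -> AtpSession); the real jacquard trait has its own method signatures, so adapt the impl to it. The security points it demonstrates are the ones a production store needs regardless of backend: the refresh JWT is a long-lived credential, so the directory is 0700 and each file 0600, writes go through a temp file plus rename so a crash never leaves a torn session, and the key is hex-encoded so a hostile DID or session id cannot escape the store directory.

```rust
use std::fs;
use std::io::{self, Write};
use std::path::{Path, PathBuf};

/// Stand-in for Jacquard's AtpSession with the four fields shown in the issue.
/// Plain Strings replace CowStr/Did/Handle so this compiles with std only.
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct AtpSession {
    pub access_jwt: String,
    pub refresh_jwt: String,
    pub did: String,
    pub handle: String,
}

/// (DID, session identifier): the key shape the maintainer describes.
pub type SessionKey = (String, String);

/// Hypothetical trait mirroring the described shape. It is NOT Jacquard's
/// SessionStore; adapt the method names/signatures to the real trait.
pub trait SessionStore {
    fn get(&self, key: &SessionKey) -> io::Result<Option<AtpSession>>;
    fn set(&self, key: &SessionKey, session: &AtpSession) -> io::Result<()>;
    fn delete(&self, key: &SessionKey) -> io::Result<()>;
}

/// One file per session under a directory only the service user can read.
pub struct FileSessionStore {
    dir: PathBuf,
}

impl FileSessionStore {
    pub fn open(dir: impl AsRef<Path>) -> io::Result<Self> {
        let dir = dir.as_ref().to_path_buf();
        fs::create_dir_all(&dir)?;
        #[cfg(unix)]
        {
            use std::os::unix::fs::PermissionsExt;
            fs::set_permissions(&dir, fs::Permissions::from_mode(0o700))?;
        }
        Ok(Self { dir })
    }

    /// Hex-encode the key so DIDs and session ids (which may contain ':' or
    /// '/', or "..") can never escape the store directory or collide.
    pub fn path_for(&self, key: &SessionKey) -> PathBuf {
        let raw = format!("{}\0{}", key.0, key.1);
        let name: String = raw.bytes().map(|b| format!("{:02x}", b)).collect();
        self.dir.join(name)
    }
}

impl SessionStore for FileSessionStore {
    fn set(&self, key: &SessionKey, session: &AtpSession) -> io::Result<()> {
        let fields = [&session.access_jwt, &session.refresh_jwt, &session.did, &session.handle];
        // The file format is one field per line, so a newline inside a field
        // would let one field smuggle itself into another on read.
        if fields.iter().any(|f| f.contains('\n')) {
            return Err(io::Error::new(io::ErrorKind::InvalidData, "session field contains a newline"));
        }
        let final_path = self.path_for(key);
        let tmp_path = final_path.with_extension("tmp");
        let mut opts = fs::OpenOptions::new();
        opts.write(true).create(true).truncate(true);
        #[cfg(unix)]
        {
            use std::os::unix::fs::OpenOptionsExt;
            opts.mode(0o600); // owner-only: the refresh JWT is an account credential
        }
        let mut f = opts.open(&tmp_path)?;
        for field in fields {
            writeln!(f, "{}", field)?;
        }
        f.sync_all()?;
        // rename() is atomic on POSIX: readers see the old or new session, never a torn file.
        fs::rename(&tmp_path, &final_path)
    }

    fn get(&self, key: &SessionKey) -> io::Result<Option<AtpSession>> {
        let text = match fs::read_to_string(self.path_for(key)) {
            Ok(t) => t,
            Err(e) if e.kind() == io::ErrorKind::NotFound => return Ok(None),
            Err(e) => return Err(e),
        };
        let lines: Vec<&str> = text.lines().collect();
        if lines.len() != 4 {
            return Err(io::Error::new(io::ErrorKind::InvalidData, "malformed session file"));
        }
        Ok(Some(AtpSession {
            access_jwt: lines[0].to_string(),
            refresh_jwt: lines[1].to_string(),
            did: lines[2].to_string(),
            handle: lines[3].to_string(),
        }))
    }

    fn delete(&self, key: &SessionKey) -> io::Result<()> {
        match fs::remove_file(self.path_for(key)) {
            Ok(()) | Err(_) if false => unreachable!(),
            Ok(()) => Ok(()),
            Err(e) if e.kind() == io::ErrorKind::NotFound => Ok(()),
            Err(e) => Err(e),
        }
    }
}
```

The same three properties (restricted permissions or equivalent access control, atomic replacement of the refresh token after a refresh, and a key encoding the caller cannot influence) carry over when the backend is a database table or a secrets manager instead of a directory; the file layout itself is incidental.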

AT URI
at://did:plc:b4sujryiw6ffhpnqyz2kgjnt/sh.tangled.repo.issue/3m4ixp7rwkw22