Login via OAuth
anbraten commented
As the future preferred authentication method of atprotocol is going to be OAuth, Nimbus should probably follow this:
- https://atproto.com/specs/oauth
- https://docs.bsky.app/docs/advanced-guides/oauth-client
- https://docs.bsky.app/blog/oauth-atproto
- https://github.com/bluesky-social/atproto/blob/main/packages/api/OAUTH.md
- bluesky-social/atproto#2656
Implementation references
One of the best reference implementations of the rather new spec seems to be:
- https://github.com/bluesky-social/ozone/blob/bd289bc9ff864d5cc4c3c73246000f6a05cbac2a/components/shell/auth/oauth/useOAuth.ts#L28
- https://github.com/bluesky-social/ozone/blob/bd289bc9ff864d5cc4c3c73246000f6a05cbac2a/components/shell/AuthContext.tsx#L45
Open questions
- Should the client or the server do the flow? (It seems like in Elk the server was doing it; are there any reasons for that?)
- How does it work with multiple servers?
- How does it work with multiple handles?
mary-ext commented
My recommendation would probably be to go through with app passwords for now as we wait for OAuth to stabilize, while keeping an easy migration path to it. I've seen a decent amount of folks getting confused over logins, mainly because app passwords are still the norm.