atpota.to / flushes.app
This repository has no description
0
Fork 0

Configure Feed

Select the types of activity you want to include in your feed.

flushes.app / README_OAUTH_MIGRATION.md
at 26d5d89738424681a53bf336d05487ca73cfebcb 187 lines 6.2 kB View raw View rendered
damedotblog claude sonnet 4 attempt at complete oauth setup migration to oauth-client-browser
5611406a
1# 🚀 OAuth Migration to @atproto/oauth-client-browser 2 3Your app has been successfully set up with a new, simplified OAuth implementation using the official `@atproto/oauth-client-browser` package. This migration will replace ~1000 lines of custom OAuth code with a robust, officially-maintained solution. 4 5## 📁 New Files Created 6 7### Core OAuth Implementation 8- **`app/src/lib/oauth-client.ts`** - OAuth client setup and configuration 9- **`app/src/lib/auth-context-new.tsx`** - New auth context using OAuth client 10- **`app/src/lib/api-client.ts`** - Simplified API calls using OAuth sessions 11 12### Updated Pages 13- **`app/src/app/auth/login/page-new.tsx`** - Simplified login page 14- **`app/src/app/auth/callback/page-new.tsx`** - Simplified callback handling 15 16### Documentation & Scripts 17- **`OAUTH_MIGRATION_GUIDE.md`** - Detailed migration guide 18- **`test-new-oauth.js`** - Script to test new implementation 19- **`restore-oauth.js`** - Script to restore original implementation 20 21## 🧪 How to Test the New Implementation 22 23### 1. Test the New OAuth System 24 25```bash 26# Run the test setup script 27./test-new-oauth.js 28 29# Start the development server 30cd app && npm run dev 31``` 32 33### 2. Test Authentication Flow 34 351. **Visit** http://localhost:3000 362. **Click Login** to go to the new login page 373. **Test with different handles:** 38 - Bluesky: `yourhandle.bsky.social` 39 - Third-party PDS: `handle.geese.blue` 40 - Custom domain: `yourhandle.yourdomain.com` 414. **Verify** the callback completes successfully 425. **Check** that you're authenticated on the home page 43 44### 3. Test Session Management 45 461. **Sign in** and verify it works 472. **Refresh the page** - should stay signed in 483. **Close and reopen browser** - should restore session 494. **Test sign out** - should clear session properly 50 51### 4. Restore Original (if needed) 52 53```bash 54# Restore the original implementation 55./restore-oauth.js 56``` 57 58## ✨ Key Benefits of Migration 59 60### **Simplified Codebase** 61- Removes ~1000 lines of custom OAuth code 62- No more manual PKCE flow implementation 63- No more custom DPoP token generation 64- No more complex nonce handling 65- Eliminates custom API routes (`/api/auth/token`, `/api/auth/nonce`) 66 67### **Better Reliability** 68- Official implementation tested across many applications 69- Automatic token refresh with proper retry logic 70- Better error handling and recovery 71- Proper session lifecycle management 72 73### **Enhanced Security** 74- Uses secure IndexedDB storage instead of localStorage 75- Follows latest AT Protocol OAuth specifications 76- Automatic DPoP implementation 77- Better session invalidation handling 78 79### **Improved Developer Experience** 80- Direct integration with `@atproto/api` Agent 81- Automatic handle resolution 82- Built-in support for third-party PDS servers 83- Event listeners for session changes 84- Better TypeScript support 85 86## 🔄 Migration Process (When Ready) 87 88### Phase 1: Backup & Prepare 89```bash 90# Already done - scripts handle this automatically 91``` 92 93### Phase 2: Switch to New Implementation 94```bash 95# Replace the auth context import in layout.tsx 96# From: '@/lib/auth-context' 97# To: '@/lib/auth-context-new' 98``` 99 100### Phase 3: Update Pages 101```bash 102# Replace login page 103mv app/src/app/auth/login/page.tsx app/src/app/auth/login/page-old.tsx 104mv app/src/app/auth/login/page-new.tsx app/src/app/auth/login/page.tsx 105 106# Replace callback page 107mv app/src/app/auth/callback/page.tsx app/src/app/auth/callback/page-old.tsx 108mv app/src/app/auth/callback/page-new.tsx app/src/app/auth/callback/page.tsx 109``` 110 111### Phase 4: Update API Calls 112Replace complex API calls throughout your app: 113 114```tsx 115// Before 116import { getProfile } from '@/lib/bluesky-api' 117const profile = await getProfile(accessToken, keyPair, dpopNonce, handle, pdsEndpoint) 118 119// After 120import { getProfile } from '@/lib/api-client' 121const profile = await getProfile(session) 122``` 123 124### Phase 5: Cleanup (After Testing) 125Remove old files when confident in the new implementation: 126- `app/src/lib/bluesky-auth.ts` 127- `app/src/lib/auth-context.tsx` (old version) 128- `app/src/lib/storage-util.ts` 129- `app/src/app/api/auth/token/route.ts` 130- `app/src/app/api/auth/nonce/route.ts` 131 132## 🛠 Compatibility Notes 133 134### **Legacy Code Support** 135The new auth context provides backward compatibility: 136- `accessToken``session?.accessToken` 137- `refreshToken``session?.refreshToken` 138- `did``session?.sub` 139- `handle``session?.info?.handle` 140- `pdsEndpoint` → extracted from session info 141 142### **Third-Party PDS Support** 143Full support maintained for: 144- ✅ Bluesky (bsky.social) 145- ✅ Custom domains (alice.example.com) 146- ✅ Third-party PDS (geese.blue, etc.) 147- ✅ Self-hosted instances 148 149### **Existing API Calls** 150Most existing API calls will continue to work during transition period due to legacy compatibility properties. 151 152## 🐛 Troubleshooting 153 154### **If Login Fails** 1551. Check browser console for errors 1562. Verify client metadata is accessible at https://flushes.app/client-metadata.json 1573. Ensure handle resolution is working 1584. Test with a simple Bluesky handle first 159 160### **If Session Not Restored** 1611. Check if IndexedDB is enabled in browser 1622. Verify no browser extensions blocking storage 1633. Check for console errors during initialization 164 165### **If API Calls Fail** 1661. Verify session object has required properties 1672. Check if using new API client methods 1683. Ensure proper error handling for session expiration 169 170## 📞 Support 171 172If you encounter any issues: 173 1741. **Check the logs** - The new implementation provides detailed console logging 1752. **Test incrementally** - Use the test scripts to verify each step 1763. **Rollback if needed** - The restore script quickly reverts changes 1774. **Reference the guide** - See `OAUTH_MIGRATION_GUIDE.md` for detailed steps 178 179## 🎉 Next Steps 180 1811. **Test thoroughly** with the new implementation 1822. **Update your components** to use the new auth context 1833. **Migrate API calls** to use the new client 1844. **Remove old files** once confident in the new system 1855. **Enjoy** the simplified, more reliable OAuth flow! 186 187The migration significantly reduces complexity while providing better reliability, security, and developer experience. The official `@atproto/oauth-client-browser` package handles all the OAuth complexity for you.