atpota.to / flushes.app
This repository has no description
0
Fork 0

Configure Feed

Select the types of activity you want to include in your feed.

fix default oauth endpoint

author
damedotblog date (Jun 13, 2025, 5:32 PM -0400) commit 1a09367e parent 5d0e8e09
+53 -55
+4 -4
app/src/app/api/auth/nonce/route.ts
··· 3 3 // Configure this route as dynamic to fix static generation issues 4 4 export const dynamic = 'force-dynamic'; 5 5 6 - const DEFAULT_AUTH_SERVER = 'https://bsky.social'; 6 + const DEFAULT_AUTH_SERVER = 'https://public.api.bsky.app'; 7 7 8 8 export async function POST(request: NextRequest) { 9 9 try { ··· 12 12 let pdsEndpoint = body.pdsEndpoint || DEFAULT_AUTH_SERVER; 13 13 14 14 // CRITICAL FIX: Third-party PDS servers don't implement OAuth endpoints 15 - // Always use bsky.social for OAuth operations 15 + // Always use public.api.bsky.app for OAuth operations 16 16 let authServer = pdsEndpoint; 17 - if (!pdsEndpoint.includes('bsky.social')) { 18 - console.log('[NONCE API] Redirecting to bsky.social for OAuth on third-party PDS'); 17 + if (!pdsEndpoint.includes('public.api.bsky.app')) { 18 + console.log('[NONCE API] Redirecting to public.api.bsky.app for OAuth on third-party PDS'); 19 19 authServer = DEFAULT_AUTH_SERVER; 20 20 } 21 21
+18 -20
app/src/app/api/auth/token/route.ts
··· 3 3 // Configure this route as dynamic to fix static generation issues 4 4 export const dynamic = 'force-dynamic'; 5 5 6 - const DEFAULT_AUTH_SERVER = 'https://bsky.social'; 6 + const DEFAULT_AUTH_SERVER = 'https://public.api.bsky.app'; 7 7 const REDIRECT_URI = 'https://flushes.app/auth/callback'; 8 8 const CLIENT_ID = 'https://flushes.app/client-metadata.json'; 9 9 ··· 41 41 }); 42 42 43 43 // CRITICAL FIX: Use the correct token endpoint based on PDS type 44 - // - For bsky.network PDSes: always use bsky.social for token exchange 45 - // - For third-party PDSes: use their own endpoint for token exchange 46 - let authServer = pdsEndpoint || DEFAULT_AUTH_SERVER; 44 + // - For bsky.network PDSes: always use public.api.bsky.app for token exchange 45 + // - For bsky.social: use it directly 46 + // - For third-party PDSes: use their own endpoint 47 + let authServer = pdsEndpoint; 47 48 48 - if (pdsEndpoint) { 49 - // If it's a bsky.network PDS, use bsky.social 50 - if (pdsEndpoint.includes('bsky.network')) { 51 - console.log(`[TOKEN ROUTE] Using bsky.social for bsky.network PDS: ${pdsEndpoint}`); 52 - authServer = DEFAULT_AUTH_SERVER; 53 - } else if (pdsEndpoint.includes('bsky.social')) { 54 - // Already using bsky.social 55 - console.log(`[TOKEN ROUTE] Using bsky.social endpoint directly`); 56 - } else { 57 - // For third-party PDSes, use their own endpoint for token exchange 58 - console.log(`[TOKEN ROUTE] Using third-party PDS's own endpoint for token exchange: ${pdsEndpoint}`); 59 - // Keep authServer as the original PDS endpoint 60 - } 49 + // If it's a bsky.network PDS, use public.api.bsky.app 50 + if (pdsEndpoint.includes('bsky.network')) { 51 + console.log(`[TOKEN ROUTE] Using public.api.bsky.app for bsky.network PDS: ${pdsEndpoint}`); 52 + authServer = DEFAULT_AUTH_SERVER; 53 + } else if (pdsEndpoint.includes('public.api.bsky.app')) { 54 + // Already using public.api.bsky.app 55 + console.log(`[TOKEN ROUTE] Using public.api.bsky.app endpoint directly`); 61 56 } else { 62 - // Default to bsky.social if no PDS endpoint provided 57 + console.log(`[TOKEN ROUTE] Using third-party PDS's own endpoint for token exchange: ${pdsEndpoint}`); 58 + } 59 + 60 + // Default to public.api.bsky.app if no PDS endpoint provided 61 + if (!pdsEndpoint) { 63 62 console.log(`[TOKEN ROUTE] No PDS endpoint provided, using default: ${DEFAULT_AUTH_SERVER}`); 64 63 authServer = DEFAULT_AUTH_SERVER; 65 64 } ··· 94 93 code_verifier: codeVerifier 95 94 }); 96 95 97 - // CRITICAL FIX: We only need to add cross-domain parameters when using bsky.social 98 - // for a third-party PDS's code exchange (which we're no longer doing) 96 + // CRITICAL FIX: We only need to add cross-domain parameters when using public.api.bsky.app 99 97 // But we'll keep this logic in case it's needed for specific PDS implementations 100 98 if (originalPdsEndpoint && originalPdsEndpoint !== authServer) { 101 99 console.log(`[TOKEN ROUTE] Cross-domain token exchange detected`);
+3 -3
app/src/app/api/bluesky/feed/route.ts
··· 45 45 46 46 // Bluesky agent for public interactions (used to resolve DIDs to handles if needed) 47 47 const agent = new BskyAgent({ 48 - service: 'https://bsky.social' 48 + service: 'https://public.api.bsky.app' 49 49 }); 50 50 51 51 export async function GET(request: NextRequest) { ··· 486 486 487 487 // Create and filter mock entries 488 488 const mockEntries: ProcessedEntry[] = []; 489 - const handles = ['alice.bsky.social', 'bob.bsky.social', 'charlie.bsky.social', 'dana.bsky.social']; 489 + const handles = ['alice.public.api.bsky.app', 'bob.public.api.bsky.app', 'charlie.public.api.bsky.app', 'dana.public.api.bsky.app']; 490 490 const emojis = ['🚽', '📱', '📚', '💩', '🧻', '💭', '😌']; 491 491 492 492 for (let i = 0; i < 6; i++) { ··· 596 596 597 597 // Create a new agent for this request 598 598 const agent = new BskyAgent({ 599 - service: 'https://bsky.social' 599 + service: 'https://public.api.bsky.app' 600 600 }); 601 601 602 602 // Log in with empty credentials (still required by the API)
+1 -1
app/src/app/api/bluesky/flushing/route.ts
··· 5 5 export const dynamic = 'force-dynamic'; 6 6 7 7 // This is the default API URL, but we'll use the user's PDS endpoint instead if available 8 - const DEFAULT_API_URL = 'https://bsky.social/xrpc'; 8 + const DEFAULT_API_URL = 'https://public.api.bsky.app/xrpc'; 9 9 const FLUSHING_STATUS_NSID = 'im.flushing.right.now'; 10 10 11 11 export async function POST(request: NextRequest) {
+3 -3
app/src/app/api/bluesky/profile/route.ts
··· 222 222 } 223 223 224 224 // Step 2: Get the PDS service endpoint from PLC directory 225 - let serviceEndpoint = 'https://bsky.social'; // Start with bsky.social as fallback 225 + let serviceEndpoint = 'https://public.api.bsky.app'; // Start with public.api.bsky.app as fallback 226 226 let servicePds: string | null = null; // Store the actual PDS domain for logging 227 227 try { 228 228 console.log(`Looking up PDS endpoint for DID: ${did}`); ··· 468 468 } 469 469 470 470 // 2. For third-party domain handles, try using the handle's domain 471 - if (handle.includes('.') && !handle.endsWith('bsky.social') && !handle.endsWith('flushes.app') && !handle.endsWith('flushing.im')) { 471 + if (handle.includes('.') && !handle.endsWith('public.api.bsky.app') && !handle.endsWith('flushes.app') && !handle.endsWith('flushing.im')) { 472 472 const domain = handle.split('.').slice(1).join('.'); 473 473 try { 474 474 console.log(`Trying handle domain access: https://${domain}`); ··· 915 915 916 916 // IMPORTANT: For third-party PDS users, we need to use the handle from describeRepo 917 917 // which will be accurate for their PDS, rather than the handle we resolved earlier 918 - if (pdsEndpoint && pdsEndpoint !== 'https://bsky.social' && pdsEndpoint !== 'https://public.api.bsky.app' && data.handle) { 918 + if (pdsEndpoint && pdsEndpoint !== 'https://public.api.bsky.app' && data.handle) { 919 919 console.log(`Using handle from PDS response: ${data.handle} instead of ${userHandle}`); 920 920 userHandle = data.handle; 921 921 }
+1 -1
app/src/app/api/bluesky/search/route.ts
··· 15 15 } 16 16 17 17 // Make a direct fetch request to the Bluesky API endpoint 18 - const apiUrl = `https://bsky.social/xrpc/app.bsky.actor.searchActorsTypeahead?q=${encodeURIComponent(term)}&limit=5`; 18 + const apiUrl = `https://public.api.bsky.app/xrpc/app.bsky.actor.searchActorsTypeahead?q=${encodeURIComponent(term)}&limit=5`; 19 19 20 20 console.log('Fetching from API:', apiUrl); 21 21
+1 -1
app/src/app/auth/login/page.tsx
··· 94 94 <div className={styles.info}> 95 95 <h3>Supported Services</h3> 96 96 <ul> 97 - <li>Bluesky (bsky.social)</li> 97 + <li>Bluesky (public.api.bsky.app)</li> 98 98 <li>Custom domains (e.g., alice.example.com)</li> 99 99 <li>Third-party PDS servers</li> 100 100 <li>Self-hosted instances</li>
+20 -20
app/src/lib/bluesky-api.ts
··· 1 1 import { exportJWK, generateDPoPToken } from './bluesky-auth'; 2 2 3 3 // Bluesky API utilities 4 - const DEFAULT_API_URL = 'https://bsky.social/xrpc'; 4 + const DEFAULT_API_URL = 'https://public.api.bsky.app/xrpc'; 5 5 6 6 // Create a custom lexicon schema for "im.flushing.right.now" 7 7 // This would normally be registered with the AT Protocol ··· 76 76 // CRITICAL FIX: Token refresh endpoint selection based on PDS type 77 77 let authServer = pdsEndpoint; 78 78 79 - // For bsky.network PDSes, use bsky.social 79 + // For bsky.network PDSes, use public.api.bsky.app 80 80 if (pdsEndpoint.includes('bsky.network')) { 81 - console.log('[TOKEN REFRESH] Using bsky.social for bsky.network PDS'); 82 - authServer = 'https://bsky.social'; 83 - } else if (pdsEndpoint.includes('bsky.social')) { 84 - // Already using bsky.social 85 - console.log('[TOKEN REFRESH] Using bsky.social directly'); 81 + console.log('[TOKEN REFRESH] Using public.api.bsky.app for bsky.network PDS'); 82 + authServer = 'https://public.api.bsky.app'; 83 + } else if (pdsEndpoint.includes('public.api.bsky.app')) { 84 + // Already using public.api.bsky.app 85 + console.log('[TOKEN REFRESH] Using public.api.bsky.app directly'); 86 86 } else { 87 87 // For third-party PDSes, use their own endpoint for token refresh 88 88 console.log('[TOKEN REFRESH] Using third-party PDS\'s own endpoint for token refresh:', pdsEndpoint); ··· 97 97 let dpopNonce = null; 98 98 99 99 // Special handling for third-party PDS token refresh 100 - if (!authServer.includes('bsky.social') && !authServer.includes('bsky.network')) { 100 + if (!authServer.includes('public.api.bsky.app') && !authServer.includes('bsky.network')) { 101 101 try { 102 102 // For third-party PDS, use a two-step approach to get the valid nonce: 103 103 console.log('[TOKEN REFRESH] Direct nonce retrieval from third-party PDS'); ··· 382 382 let authServer = pdsEndpoint; 383 383 384 384 // Special case for token refresh only (not normal API calls) 385 - // Only bsky.network PDSes should redirect to bsky.social 386 - if (pdsEndpoint && pdsEndpoint.includes('bsky.network')) { 387 - console.log('[AUTH CHECK] Will use bsky.social for OAuth on bsky.network PDS'); 388 - authServer = 'https://bsky.social'; 385 + // Only bsky.network PDSes should redirect to public.api.bsky.app 386 + if (pdsEndpoint.includes('bsky.network')) { 387 + console.log('[AUTH CHECK] Will use public.api.bsky.app for OAuth on bsky.network PDS'); 388 + authServer = 'https://public.api.bsky.app'; 389 389 } else { 390 390 console.log('[AUTH CHECK] Using the actual PDS endpoint for auth:', pdsEndpoint); 391 391 } ··· 499 499 // Follow the same server selection logic as in refreshAccessToken 500 500 let refreshAuthServer = pdsEndpoint; 501 501 502 - // For bsky.network PDSes, use bsky.social 502 + // For bsky.network PDSes, use public.api.bsky.app 503 503 if (pdsEndpoint.includes('bsky.network')) { 504 - console.log('[AUTH CHECK] Will use bsky.social for bsky.network PDS'); 505 - refreshAuthServer = 'https://bsky.social'; 506 - } else if (pdsEndpoint.includes('bsky.social')) { 507 - // Already using bsky.social 508 - console.log('[AUTH CHECK] Will use bsky.social directly'); 504 + console.log('[AUTH CHECK] Will use public.api.bsky.app for bsky.network PDS'); 505 + refreshAuthServer = 'https://public.api.bsky.app'; 506 + } else if (pdsEndpoint.includes('public.api.bsky.app')) { 507 + // Already using public.api.bsky.app 508 + console.log('[AUTH CHECK] Will use public.api.bsky.app directly'); 509 509 } else { 510 510 // For third-party PDSes, use their own endpoint 511 511 console.log('[AUTH CHECK] Will use third-party PDS\'s own endpoint:', pdsEndpoint); ··· 703 703 const publicKey = await exportJWK(keyPair.publicKey); 704 704 705 705 // Use the PDS endpoint if available 706 - const baseUrl = pdsEndpoint ? `${pdsEndpoint}/xrpc` : 'https://bsky.social/xrpc'; 706 + const baseUrl = pdsEndpoint ? `${pdsEndpoint}/xrpc` : 'https://public.api.bsky.app/xrpc'; 707 707 708 708 // Step 1: If we have a DID, we want to get both the user's DID and handle 709 709 let endpoint; ··· 835 835 836 836 console.log(`Using PDS endpoint for create record: ${pdsEndpoint}`); 837 837 838 - const baseUrl = pdsEndpoint ? `${pdsEndpoint}/xrpc` : 'https://bsky.social/xrpc'; 838 + const baseUrl = pdsEndpoint ? `${pdsEndpoint}/xrpc` : 'https://public.api.bsky.app/xrpc'; 839 839 const endpoint = `${baseUrl}/com.atproto.repo.createRecord`; 840 840 841 841 console.log(`Endpoint for create record: ${endpoint}`);
+1 -1
app/src/lib/bluesky-auth.ts
··· 1 1 // Default Bluesky OAuth client configuration 2 - const DEFAULT_AUTH_SERVER = 'https://bsky.social'; 2 + const DEFAULT_AUTH_SERVER = 'https://public.api.bsky.app'; 3 3 const REDIRECT_URI = 'https://flushes.app/auth/callback'; 4 4 const CLIENT_ID = 'https://flushes.app/client-metadata.json'; 5 5 // Need to include transition:generic to be able to create records
+1 -1
app/src/lib/oauth-client.ts
··· 30 30 if (!_oauthClient) { 31 31 _oauthClient = new BrowserOAuthClient({ 32 32 clientMetadata: CLIENT_METADATA as any, 33 - handleResolver: 'https://bsky.social', 33 + handleResolver: 'https://public.api.bsky.app', 34 34 responseMode: 'fragment' 35 35 }) 36 36 }