+12 -4

CHANGELOG.md

Reviewed

··· 19 19 - `Cow<'a, str>` now supported by borrow-or-share pattern traits 20 20 21 21 **OAuth permission sets, refactored scopes** (`jacquard-oauth`, `jacquard`, `jacquard-lexicon`) 22 22 - - Added `Scopes<S>` validated container for space-separated OAuth scope strings, replacing `Vec<Scope<S>>`. Stores a single string buffer with pre-computed byte-range indices, yielding zero-copy `Scope<&str>` views. 22 22 + - Added ergonomic `Scope` constructors for common atproto, account, identity, transition, repo, RPC, and permission-set scopes. 23 23 + - Added `Scopes::from_scopes()` and `ScopesBuilder` so callers can construct typed scopes programmatically while reusing the same validation, normalization, reduction, and indexing path as string parsing. 24 24 + - Added endpoint-aware `Scope::rpc_request::<R: XrpcRequest>()` and collection-aware repo helpers such as `Scope::repo_create_record::<C: Collection>()`. 25 25 + - Added `AuthorizeOptions` helpers for setting scopes from a string or typed scope values; builders can be passed through existing `with_scopes()` after `ScopesBuilder::build()`. 23 26 - Added `IncludeScope<S>` scope variant referencing permission set NSIDs with optional `?aud=<did>` audience. 24 24 - - Added permission set lexicon types (`LexPermissionSet`, `LexPermission`, `LexPermissionResource`) in jacquard-lexicon. 25 25 - - Added `expand_permission_set()` and `resolve_permission_set()` for converting permission set lexicons into concrete scopes. 26 26 - - Added `scope-check` feature to jacquard-oauth and jacquard, enabling client-side scope validation and eager resolution of `include:` scopes at session creation. 27 27 + - Updated OAuth examples and inline docs to demonstrate typed scope builders and link to the atproto OAuth scope docs and interactive scope-string builder. 27 28 28 29 **Bootstrap XRPC types** (`jacquard-common`) 29 30 - Added `DidService<S>` validated type for DID audiences with optional service-id fragments (e.g., `did:web:example.com#bsky_appview`). ··· 146 147 - `DpopDataSource` trait methods return `Option<&str>` (was `Option<CowStr<'_>>`) 147 148 - DPoP proof building uses `&str` for zero-copy JWT construction 148 149 - `build_dpop_proof` takes `&str` parameters, returns `SmolStr` 150 150 + 151 151 + **OAuth permission sets, refactored scopes** (`jacquard-oauth`, `jacquard`, `jacquard-lexicon`) 152 152 + - Added `Scopes<S>` validated container for space-separated OAuth scope strings, replacing `Vec<Scope<S>>`. Stores a single string buffer with pre-computed byte-range indices, yielding zero-copy `Scope<&str>` views. 153 153 + - Added `IncludeScope<S>` scope variant referencing permission set NSIDs with optional `?aud=<did>` audience. 154 154 + - Added permission set lexicon types (`LexPermissionSet`, `LexPermission`, `LexPermissionResource`) in jacquard-lexicon. 155 155 + - Added `expand_permission_set()` and `resolve_permission_set()` for converting permission set lexicons into concrete scopes. 156 156 + - Added `scope-check` feature to jacquard-oauth and jacquard, enabling client-side scope validation and eager resolution of `include:` scopes at session creation. 149 157 150 158 **Identity resolution** (`jacquard-identity`) 151 159 - `IdentityResolver::resolve_handle<S: BosStr + Sync>(&self, handle: &Handle<S>)`: generic over handle backing type

+8 -6

crates/jacquard-lexicon/src/lexicon.rs

Reviewed

··· 6 6 CowStr, 7 7 deps::smol_str::SmolStr, 8 8 into_static::IntoStatic, 9 9 - types::blob::MimeType, 10 10 - types::did::Did, 11 11 - types::nsid::Nsid, 12 12 - types::scope_primitives::{AccountAction, RepoAction}, 9 9 + types::{ 10 10 + blob::MimeType, 11 11 + nsid::Nsid, 12 12 + scope_primitives::{AccountAction, RepoAction}, 13 13 + string::DidService, 14 14 + }, 13 15 }; 14 16 use serde::{Deserialize, Serialize}; 15 17 use serde_repr::{Deserialize_repr, Serialize_repr}; ··· 455 457 /// Lexicon method NSIDs this permission applies to. 456 458 #[serde(borrow)] 457 459 lxm: Vec<Nsid<CowStr<'s>>>, 458 458 - /// Audience DID for inter-service auth. 460 460 + /// Audience DID with optional service fragment for inter-service auth. 459 461 #[serde(borrow, default)] 460 460 - aud: Option<Did<CowStr<'s>>>, 462 462 + aud: Option<DidService<CowStr<'s>>>, 461 463 /// If true, inherits audience from the include scope's aud parameter. 462 464 #[serde(default, rename = "inheritAud")] 463 465 inherit_aud: Option<bool>,

+47

crates/jacquard-oauth/src/atproto.rs

Reviewed

··· 210 210 self 211 211 } 212 212 213 213 + /// Set the OAuth scopes for this client. 214 214 + pub fn with_scopes(mut self, scopes: Scopes<S>) -> Self { 215 215 + self.scopes = scopes; 216 216 + self 217 217 + } 218 218 + 219 219 + /// Set the uri where the client's keys are hosted. 220 220 + pub fn with_jwks_uri(mut self, jwks_uri: Uri<String>) -> Self { 221 221 + self.jwks_uri = Some(jwks_uri); 222 222 + self 223 223 + } 224 224 + 225 225 + /// Set the human-readable display name for this client. 226 226 + pub fn with_client_name(mut self, client_name: S) -> Self { 227 227 + self.client_name = Some(client_name); 228 228 + self 229 229 + } 230 230 + 213 231 /// Create a default loopback client metadata with the `atproto` and `transition:generic` scopes. 214 232 /// 215 233 /// This is a convenience constructor for local development and CLI tools. The resulting ··· 223 241 .expect("valid scopes") 224 242 .convert(); 225 243 Self::new_localhost(None, Some(scopes)) 244 244 + } 245 245 + 246 246 + /// Create hosted client metadata with optional custom scopes. 247 247 + /// 248 248 + /// When `scopes` is `None`, the `atproto` scope is used. 249 249 + /// Use the builder functions to set fields like the jwks_uri or client name, etc. 250 250 + pub fn new( 251 251 + redirect_uris: Vec<Uri<String>>, 252 252 + client_id: Uri<String>, 253 253 + scopes: Option<Scopes<S>>, 254 254 + ) -> AtprotoClientMetadata<S> 255 255 + where 256 256 + S: From<SmolStr> + AsRef<str>, 257 257 + { 258 258 + let default_scopes: Scopes<S> = Scopes::new(SmolStr::new_static("atproto")) 259 259 + .expect("valid scopes") 260 260 + .convert(); 261 261 + AtprotoClientMetadata { 262 262 + client_id: client_id.clone(), 263 263 + client_uri: Some(client_id), 264 264 + redirect_uris: redirect_uris, 265 265 + grant_types: vec![GrantType::AuthorizationCode, GrantType::RefreshToken], 266 266 + scopes: scopes.unwrap_or(default_scopes), 267 267 + jwks_uri: None, 268 268 + client_name: None, 269 269 + logo_uri: None, 270 270 + tos_uri: None, 271 271 + privacy_policy_uri: None, 272 272 + } 226 273 } 227 274 228 275 /// Create loopback client metadata with optional custom redirect URIs and scopes.

+2 -2

crates/jacquard-oauth/src/client.rs

Reviewed

··· 18 18 #[cfg(feature = "websocket")] 19 19 use jacquard_common::CowStr; 20 20 #[cfg(feature = "scope-check")] 21 21 - use jacquard_common::types::nsid::Nsid; 21 21 + use jacquard_common::types::{nsid::Nsid, string::DidService}; 22 22 use jacquard_common::{ 23 23 AuthorizationToken, IntoStatic, 24 24 bos::BosStr, ··· 535 535 Scope::Include(IncludeScope { nsid, audience }) => { 536 536 let audience_did = if let Some(aud_str) = audience { 537 537 let decoded = decode_audience(aud_str)?; 538 538 - match Did::new_owned(&decoded) { 538 538 + match DidService::new_owned(&decoded) { 539 539 Ok(did) => Some(did), 540 540 Err(_) => { 541 541 return Err(crate::error::CallbackError::ScopeResolution {

+1 -1

crates/jacquard-oauth/src/resolver.rs

Reviewed

··· 824 824 pub async fn resolve_permission_set<R, S>( 825 825 resolver: &R, 826 826 nsid: &jacquard_common::types::nsid::Nsid<S>, 827 827 - inherited_audience: Option<&jacquard_common::types::did::Did<smol_str::SmolStr>>, 827 827 + inherited_audience: Option<&jacquard_common::types::string::DidService<smol_str::SmolStr>>, 828 828 ) -> Result<Vec<crate::scopes::Scope<smol_str::SmolStr>>> 829 829 where 830 830 R: OAuthResolver + jacquard_identity::lexicon_resolver::LexiconSchemaResolver + Sync,

+671 -38

crates/jacquard-oauth/src/scopes.rs

Reviewed

··· 3 3 //! Originally derived from <https://tangled.org/nickgerakines.me/atproto-crates/raw/main/crates/atproto-oauth/src/scopes.rs>, since substantially modified. 4 4 //! 5 5 //! This module provides comprehensive support for AT Protocol OAuth scopes, 6 6 - //! including parsing, serialization, normalization, and permission checking. 6 6 + //! including parsing, serialization, normalization, programmatic construction, 7 7 + //! and permission checking. 8 8 + //! 9 9 + //! See the AT Protocol OAuth spec's 10 10 + //! [authorization scopes](https://atproto.com/specs/oauth#authorization-scopes) 11 11 + //! section for the profile-level rules, including the required `atproto` marker 12 12 + //! scope and current 13 13 + //! [transitional scopes](https://atproto.com/specs/oauth#transitional-scopes). 14 14 + //! The AT Protocol docs also provide an interactive 15 15 + //! [scope builder](https://atproto.com/guides/scope-builder) for choosing 16 16 + //! appropriate scopes before translating them into [`Scope`] constructors or a 17 17 + //! [`ScopesBuilder`] chain. 7 18 //! 8 19 //! Scopes in AT Protocol follow a prefix-based format with optional query parameters: 9 20 //! - `account`: Access to account information (email, repo, status) ··· 11 22 //! - `blob`: Access to blob operations with mime type constraints 12 23 //! - `repo`: Repository operations with collection and action constraints 13 24 //! - `rpc`: RPC method access with lexicon and audience constraints 25 25 + //! - `include`: Reference a permission-set NSID, optionally with an audience 14 26 //! - `atproto`: Required scope to indicate that other AT Protocol scopes will be used 15 15 - //! - `transition`: Migration operations (generic or email) 27 27 + //! - `transition`: Migration operations (generic, email, or chat.bsky) 16 28 //! 17 29 //! Standard OpenID Connect scopes (no suffixes or query parameters): 18 30 //! - `openid`: Required for OpenID Connect authentication 19 31 //! - `profile`: Access to user profile information 20 32 //! - `email`: Access to user email address 33 33 + //! 34 34 + //! Programmatic construction is available through [`Scope`] constructors, 35 35 + //! [`Scopes::from_scopes`], and [`ScopesBuilder`]: 36 36 + //! 37 37 + //! ```rust 38 38 + //! use jacquard_oauth::scopes::{Scope, Scopes}; 39 39 + //! 40 40 + //! let scopes = Scopes::from_scopes([ 41 41 + //! Scope::atproto(), 42 42 + //! Scope::transition_generic(), 43 43 + //! Scope::rpc("app.bsky.feed.getTimeline")?, 44 44 + //! Scope::repo_create("app.bsky.feed.post")?, 45 45 + //! ])?; 46 46 + //! 47 47 + //! assert_eq!( 48 48 + //! scopes.to_normalized_string(), 49 49 + //! "atproto repo:app.bsky.feed.post?action=create rpc:app.bsky.feed.getTimeline transition:generic" 50 50 + //! ); 51 51 + //! # Ok::<(), jacquard_oauth::scopes::ParseError>(()) 52 52 + //! ``` 53 53 + //! 54 54 + //! For fluent construction: 55 55 + //! 56 56 + //! ```rust 57 57 + //! use jacquard_oauth::scopes::Scopes; 58 58 + //! 59 59 + //! let scopes = Scopes::builder() 60 60 + //! .atproto() 61 61 + //! .transition_generic() 62 62 + //! .rpc("app.bsky.feed.getTimeline")? 63 63 + //! .repo_create("app.bsky.feed.post")? 64 64 + //! .build()?; 65 65 + //! 66 66 + //! assert!(scopes.grants(&jacquard_oauth::scopes::Scope::atproto())); 67 67 + //! # Ok::<(), jacquard_oauth::scopes::ParseError>(()) 68 68 + //! ``` 21 69 22 70 use std::collections::{BTreeMap, BTreeSet}; 23 71 use std::fmt; ··· 29 77 EStr, EString, 30 78 encoder::{Query, Query as EncQuery}, 31 79 }; 32 32 - use jacquard_common::types::did::Did; 80 80 + use jacquard_common::types::collection::Collection; 81 81 + use jacquard_common::types::did_service::validate_did_service; 33 82 use jacquard_common::types::nsid::Nsid; 34 34 - use jacquard_common::types::string::AtStrError; 83 83 + use jacquard_common::types::string::{AtStrError, DidService}; 84 84 + use jacquard_common::xrpc::XrpcRequest; 35 85 use jacquard_common::{BorrowOrShare, Bos, FromStaticStr, IntoStatic}; 36 86 use serde::de::{Error as DeError, Visitor}; 37 87 use serde::{Deserialize, Serialize}; ··· 130 180 } 131 181 } 132 182 183 183 + impl Scope<SmolStr> { 184 184 + /// Construct the required AT Protocol marker scope. 185 185 + pub fn atproto() -> Self { 186 186 + Scope::Atproto 187 187 + } 188 188 + 189 189 + /// Construct the OpenID Connect `openid` scope. 190 190 + pub fn openid() -> Self { 191 191 + Scope::OpenId 192 192 + } 193 193 + 194 194 + /// Construct the OpenID Connect `profile` scope. 195 195 + pub fn profile() -> Self { 196 196 + Scope::Profile 197 197 + } 198 198 + 199 199 + /// Construct the OpenID Connect `email` scope. 200 200 + pub fn email() -> Self { 201 201 + Scope::Email 202 202 + } 203 203 + 204 204 + /// Construct `identity:handle`. 205 205 + pub fn identity_handle() -> Self { 206 206 + Scope::Identity(IdentityScope::Handle) 207 207 + } 208 208 + 209 209 + /// Construct `identity:*`. 210 210 + pub fn identity_all() -> Self { 211 211 + Scope::Identity(IdentityScope::All) 212 212 + } 213 213 + 214 214 + /// Construct `transition:generic`. 215 215 + pub fn transition_generic() -> Self { 216 216 + Scope::Transition(TransitionScope::Generic) 217 217 + } 218 218 + 219 219 + /// Construct `transition:email`. 220 220 + pub fn transition_email() -> Self { 221 221 + Scope::Transition(TransitionScope::Email) 222 222 + } 223 223 + 224 224 + /// Construct `transition:chat.bsky`. 225 225 + pub fn transition_chat_bsky() -> Self { 226 226 + Scope::Transition(TransitionScope::ChatBsky) 227 227 + } 228 228 + 229 229 + /// Construct `account:email`. 230 230 + pub fn account_email_read() -> Self { 231 231 + account_scope(AccountResource::Email, AccountAction::Read) 232 232 + } 233 233 + 234 234 + /// Construct `account:email?action=manage`. 235 235 + pub fn account_email_manage() -> Self { 236 236 + account_scope(AccountResource::Email, AccountAction::Manage) 237 237 + } 238 238 + 239 239 + /// Construct `account:repo`. 240 240 + pub fn account_repo_read() -> Self { 241 241 + account_scope(AccountResource::Repo, AccountAction::Read) 242 242 + } 243 243 + 244 244 + /// Construct `account:repo?action=manage`. 245 245 + pub fn account_repo_manage() -> Self { 246 246 + account_scope(AccountResource::Repo, AccountAction::Manage) 247 247 + } 248 248 + 249 249 + /// Construct `account:status`. 250 250 + pub fn account_status_read() -> Self { 251 251 + account_scope(AccountResource::Status, AccountAction::Read) 252 252 + } 253 253 + 254 254 + /// Construct `account:status?action=manage`. 255 255 + pub fn account_status_manage() -> Self { 256 256 + account_scope(AccountResource::Status, AccountAction::Manage) 257 257 + } 258 258 + 259 259 + /// Construct `repo:*` with all repository actions. 260 260 + pub fn repo_all() -> Self { 261 261 + Scope::repo_nsid_actions(None, all_repo_actions()) 262 262 + } 263 263 + 264 264 + /// Construct a repo scope for all actions on one collection. 265 265 + pub fn repo_collection(collection: impl AsRef<str>) -> Result<Self, ParseError> { 266 266 + Ok(Scope::repo_nsid_actions( 267 267 + Some(Nsid::new_owned(collection)?), 268 268 + all_repo_actions(), 269 269 + )) 270 270 + } 271 271 + 272 272 + /// Construct a repo scope granting create on one collection. 273 273 + pub fn repo_create(collection: impl AsRef<str>) -> Result<Self, ParseError> { 274 274 + Ok(Scope::repo_nsid_actions( 275 275 + Some(Nsid::new_owned(collection)?), 276 276 + [RepoAction::Create], 277 277 + )) 278 278 + } 279 279 + 280 280 + /// Construct a repo scope granting update on one collection. 281 281 + pub fn repo_update(collection: impl AsRef<str>) -> Result<Self, ParseError> { 282 282 + Ok(Scope::repo_nsid_actions( 283 283 + Some(Nsid::new_owned(collection)?), 284 284 + [RepoAction::Update], 285 285 + )) 286 286 + } 287 287 + 288 288 + /// Construct a repo scope granting delete on one collection. 289 289 + pub fn repo_delete(collection: impl AsRef<str>) -> Result<Self, ParseError> { 290 290 + Ok(Scope::repo_nsid_actions( 291 291 + Some(Nsid::new_owned(collection)?), 292 292 + [RepoAction::Delete], 293 293 + )) 294 294 + } 295 295 + 296 296 + /// Construct `rpc:*`. 297 297 + pub fn rpc_all() -> Self { 298 298 + let mut lxm = BTreeSet::new(); 299 299 + lxm.insert(RpcLexicon::All); 300 300 + let mut aud = BTreeSet::new(); 301 301 + aud.insert(RpcAudience::All); 302 302 + Scope::Rpc(RpcScope { lxm, aud }) 303 303 + } 304 304 + 305 305 + /// Construct an RPC scope for one XRPC method NSID and all audiences. 306 306 + pub fn rpc(lxm: impl AsRef<str>) -> Result<Self, ParseError> { 307 307 + Ok(Scope::rpc_nsid(Nsid::new_owned(lxm)?)) 308 308 + } 309 309 + 310 310 + /// Construct an RPC scope for one XRPC method NSID and one DID audience. 311 311 + pub fn rpc_aud(lxm: impl AsRef<str>, aud: impl AsRef<str>) -> Result<Self, ParseError> { 312 312 + Ok(Scope::rpc_nsid_aud( 313 313 + Nsid::new_owned(lxm)?, 314 314 + DidService::new_owned(aud)?, 315 315 + )) 316 316 + } 317 317 + 318 318 + /// Construct an RPC scope from an XRPC request type. 319 319 + pub fn rpc_request<R: XrpcRequest>() -> Self { 320 320 + Scope::rpc_nsid(unsafe { Nsid::unchecked(SmolStr::new_static(R::NSID)) }) 321 321 + } 322 322 + 323 323 + /// Construct an RPC scope from an XRPC request type and one DID audience. 324 324 + pub fn rpc_request_aud<R: XrpcRequest>(aud: impl AsRef<str>) -> Result<Self, ParseError> { 325 325 + Ok(Scope::rpc_nsid_aud( 326 326 + unsafe { Nsid::unchecked(SmolStr::new_static(R::NSID)) }, 327 327 + DidService::new_owned(aud)?, 328 328 + )) 329 329 + } 330 330 + 331 331 + /// Construct an `include:<nsid>` permission-set scope. 332 332 + pub fn include(nsid: impl AsRef<str>) -> Result<Self, ParseError> { 333 333 + Ok(Scope::include_nsid(Nsid::new_owned(nsid)?, None)) 334 334 + } 335 335 + 336 336 + /// Construct an `include:<nsid>?aud=<audience>` permission-set scope. 337 337 + pub fn include_aud(nsid: impl AsRef<str>, aud: impl AsRef<str>) -> Result<Self, ParseError> { 338 338 + let audience = normalize_include_audience(aud.as_ref())?; 339 339 + Ok(Scope::include_nsid(Nsid::new_owned(nsid)?, Some(audience))) 340 340 + } 341 341 + 342 342 + /// Construct a repo scope granting create for a record collection type. 343 343 + pub fn repo_create_record<C: Collection>() -> Self { 344 344 + Scope::repo_nsid_actions(Some(collection_nsid::<C>()), [RepoAction::Create]) 345 345 + } 346 346 + 347 347 + /// Construct a repo scope granting update for a record collection type. 348 348 + pub fn repo_update_record<C: Collection>() -> Self { 349 349 + Scope::repo_nsid_actions(Some(collection_nsid::<C>()), [RepoAction::Update]) 350 350 + } 351 351 + 352 352 + /// Construct a repo scope granting delete for a record collection type. 353 353 + pub fn repo_delete_record<C: Collection>() -> Self { 354 354 + Scope::repo_nsid_actions(Some(collection_nsid::<C>()), [RepoAction::Delete]) 355 355 + } 356 356 + 357 357 + /// Construct a repo scope granting all repo actions for a record collection type. 358 358 + pub fn repo_all_record<C: Collection>() -> Self { 359 359 + Scope::repo_nsid_actions(Some(collection_nsid::<C>()), all_repo_actions()) 360 360 + } 361 361 + } 362 362 + 363 363 + impl<S: BosStr + Ord> Scope<S> { 364 364 + /// Construct a repo scope for a typed collection NSID and explicit actions. 365 365 + pub fn repo_nsid(collection: Nsid<S>, actions: impl IntoIterator<Item = RepoAction>) -> Self { 366 366 + Self::repo_nsid_actions(Some(collection), actions) 367 367 + } 368 368 + 369 369 + fn repo_nsid_actions( 370 370 + collection: Option<Nsid<S>>, 371 371 + actions: impl IntoIterator<Item = RepoAction>, 372 372 + ) -> Self { 373 373 + let mut actions: BTreeSet<_> = actions.into_iter().collect(); 374 374 + if actions.is_empty() { 375 375 + actions.extend(all_repo_actions()); 376 376 + } 377 377 + 378 378 + Scope::Repo(RepoScope { 379 379 + collection: collection.map_or(RepoCollection::All, RepoCollection::Nsid), 380 380 + actions, 381 381 + }) 382 382 + } 383 383 + 384 384 + /// Construct an RPC scope for a typed XRPC method NSID and all audiences. 385 385 + pub fn rpc_nsid(lxm: Nsid<S>) -> Self { 386 386 + let mut lxm_set = BTreeSet::new(); 387 387 + lxm_set.insert(RpcLexicon::Nsid(lxm)); 388 388 + let mut aud = BTreeSet::new(); 389 389 + aud.insert(RpcAudience::All); 390 390 + Scope::Rpc(RpcScope { lxm: lxm_set, aud }) 391 391 + } 392 392 + 393 393 + /// Construct an RPC scope for a typed XRPC method NSID and typed DID audience. 394 394 + pub fn rpc_nsid_aud(lxm: Nsid<S>, aud: DidService<S>) -> Self { 395 395 + let mut lxm_set = BTreeSet::new(); 396 396 + lxm_set.insert(RpcLexicon::Nsid(lxm)); 397 397 + let mut aud_set = BTreeSet::new(); 398 398 + aud_set.insert(RpcAudience::Did(aud)); 399 399 + Scope::Rpc(RpcScope { 400 400 + lxm: lxm_set, 401 401 + aud: aud_set, 402 402 + }) 403 403 + } 404 404 + 405 405 + /// Construct an include permission-set scope from a typed NSID and optional audience string. 406 406 + pub fn include_nsid(nsid: Nsid<S>, audience: Option<S>) -> Self { 407 407 + Scope::Include(IncludeScope { nsid, audience }) 408 408 + } 409 409 + } 410 410 + 411 411 + fn account_scope(resource: AccountResource, action: AccountAction) -> Scope<SmolStr> { 412 412 + Scope::Account(AccountScope { resource, action }) 413 413 + } 414 414 + 415 415 + fn all_repo_actions() -> [RepoAction; 3] { 416 416 + [RepoAction::Create, RepoAction::Update, RepoAction::Delete] 417 417 + } 418 418 + 419 419 + fn collection_nsid<C: Collection>() -> Nsid<SmolStr> { 420 420 + unsafe { Nsid::unchecked(SmolStr::new_static(C::NSID)) } 421 421 + } 422 422 + 423 423 + fn normalize_include_audience(audience: &str) -> Result<SmolStr, ParseError> { 424 424 + if audience.contains('%') { 425 425 + let estr = EStr::<Query>::new(audience).ok_or_else(|| { 426 426 + ParseError::InvalidResource( 427 427 + "include audience has invalid percent-encoding".to_smolstr(), 428 428 + ) 429 429 + })?; 430 430 + let decoded = estr.decode().to_string().map_err(|_| { 431 431 + ParseError::InvalidResource( 432 432 + "include audience contains invalid UTF-8 sequence".to_smolstr(), 433 433 + ) 434 434 + })?; 435 435 + validate_include_audience(&decoded)?; 436 436 + Ok(SmolStr::new(decoded)) 437 437 + } else { 438 438 + validate_include_audience(audience)?; 439 439 + Ok(SmolStr::new(audience)) 440 440 + } 441 441 + } 442 442 + 443 443 + fn validate_include_audience(audience: &str) -> Result<(), ParseError> { 444 444 + Ok(validate_did_service(audience)?) 445 445 + } 446 446 + 133 447 /// Account scope attributes 134 448 #[derive(Debug, Clone, PartialEq, Eq, Hash)] 135 449 pub struct AccountScope { ··· 458 772 pub enum RpcAudience<S: BosStr = DefaultStr> { 459 773 /// All audiences (wildcard) 460 774 All, 461 461 - /// Specific DID 462 462 - Did(Did<S>), 775 775 + /// Specific DID with optional service id fragment 776 776 + Did(DidService<S>), 463 777 } 464 778 465 779 impl<S: BosStr> RpcAudience<S> { ··· 805 1119 indices: Vec::new(), 806 1120 } 807 1121 } 1122 1122 + 1123 1123 + /// Construct scopes from typed scope values, reusing normal parsing, validation, 1124 1124 + /// reduction, and indexing. 1125 1125 + pub fn from_scopes<I>(scopes: I) -> Result<Self, ParseError> 1126 1126 + where 1127 1127 + I: IntoIterator<Item = Scope<SmolStr>>, 1128 1128 + { 1129 1129 + let mut builder = SmolStrBuilder::new(); 1130 1130 + for (index, scope) in scopes.into_iter().enumerate() { 1131 1131 + if index > 0 { 1132 1132 + builder.push(' '); 1133 1133 + } 1134 1134 + builder.push_str(&scope.to_string_normalized()); 1135 1135 + } 1136 1136 + Scopes::new(builder.finish()) 1137 1137 + } 1138 1138 + 1139 1139 + /// Construct the default atproto marker scope set. 1140 1140 + pub fn atproto() -> Self { 1141 1141 + Scopes::new(SmolStr::new_static("atproto")).expect("static atproto scope is valid") 1142 1142 + } 1143 1143 + 1144 1144 + /// Construct a conservative local-development scope set. 1145 1145 + pub fn local_development() -> Self { 1146 1146 + Scopes::new(SmolStr::new_static("atproto transition:generic")) 1147 1147 + .expect("static local-development scopes are valid") 1148 1148 + } 1149 1149 + 1150 1150 + /// Start a fluent scope builder. 1151 1151 + pub fn builder() -> ScopesBuilder { 1152 1152 + ScopesBuilder::new() 1153 1153 + } 1154 1154 + } 1155 1155 + 1156 1156 + /// Fluent builder for programmatic OAuth scope construction. 1157 1157 + #[derive(Debug, Clone, Default)] 1158 1158 + pub struct ScopesBuilder { 1159 1159 + scopes: Vec<Scope<SmolStr>>, 1160 1160 + } 1161 1161 + 1162 1162 + impl ScopesBuilder { 1163 1163 + /// Create an empty builder. 1164 1164 + pub fn new() -> Self { 1165 1165 + Self { scopes: Vec::new() } 1166 1166 + } 1167 1167 + 1168 1168 + /// Add an already-constructed scope. 1169 1169 + pub fn scope(mut self, scope: Scope<SmolStr>) -> Self { 1170 1170 + self.scopes.push(scope); 1171 1171 + self 1172 1172 + } 1173 1173 + 1174 1174 + /// Add `atproto`. 1175 1175 + pub fn atproto(self) -> Self { 1176 1176 + self.scope(Scope::atproto()) 1177 1177 + } 1178 1178 + 1179 1179 + /// Add `openid`. 1180 1180 + pub fn openid(self) -> Self { 1181 1181 + self.scope(Scope::openid()) 1182 1182 + } 1183 1183 + 1184 1184 + /// Add `profile`. 1185 1185 + pub fn profile(self) -> Self { 1186 1186 + self.scope(Scope::profile()) 1187 1187 + } 1188 1188 + 1189 1189 + /// Add `email`. 1190 1190 + pub fn email(self) -> Self { 1191 1191 + self.scope(Scope::email()) 1192 1192 + } 1193 1193 + 1194 1194 + /// Add `transition:generic`. 1195 1195 + pub fn transition_generic(self) -> Self { 1196 1196 + self.scope(Scope::transition_generic()) 1197 1197 + } 1198 1198 + 1199 1199 + /// Add `transition:email`. 1200 1200 + pub fn transition_email(self) -> Self { 1201 1201 + self.scope(Scope::transition_email()) 1202 1202 + } 1203 1203 + 1204 1204 + /// Add `transition:chat.bsky`. 1205 1205 + pub fn transition_chat_bsky(self) -> Self { 1206 1206 + self.scope(Scope::transition_chat_bsky()) 1207 1207 + } 1208 1208 + 1209 1209 + /// Add `identity:handle`. 1210 1210 + pub fn identity_handle(self) -> Self { 1211 1211 + self.scope(Scope::identity_handle()) 1212 1212 + } 1213 1213 + 1214 1214 + /// Add `identity:*`. 1215 1215 + pub fn identity_all(self) -> Self { 1216 1216 + self.scope(Scope::identity_all()) 1217 1217 + } 1218 1218 + 1219 1219 + /// Add `rpc:*`. 1220 1220 + pub fn rpc_all(self) -> Self { 1221 1221 + self.scope(Scope::rpc_all()) 1222 1222 + } 1223 1223 + 1224 1224 + /// Add an RPC scope for one XRPC method NSID. 1225 1225 + pub fn rpc(self, nsid: impl AsRef<str>) -> Result<Self, ParseError> { 1226 1226 + Ok(self.scope(Scope::rpc(nsid)?)) 1227 1227 + } 1228 1228 + 1229 1229 + /// Add an RPC scope for one XRPC request type. 1230 1230 + pub fn rpc_request<R: XrpcRequest>(self) -> Self { 1231 1231 + self.scope(Scope::rpc_request::<R>()) 1232 1232 + } 1233 1233 + 1234 1234 + /// Add an RPC scope for one XRPC request type. 1235 1235 + pub fn rpc_request_aud<R: XrpcRequest>(self, aud: impl AsRef<str>) -> Result<Self, ParseError> { 1236 1236 + Ok(self.scope(Scope::rpc_request_aud::<R>(aud)?)) 1237 1237 + } 1238 1238 + 1239 1239 + /// Add a repo create scope for one collection NSID. 1240 1240 + pub fn repo_create(self, collection: impl AsRef<str>) -> Result<Self, ParseError> { 1241 1241 + Ok(self.scope(Scope::repo_create(collection)?)) 1242 1242 + } 1243 1243 + 1244 1244 + /// Add a repo update scope for one collection NSID. 1245 1245 + pub fn repo_update(self, collection: impl AsRef<str>) -> Result<Self, ParseError> { 1246 1246 + Ok(self.scope(Scope::repo_update(collection)?)) 1247 1247 + } 1248 1248 + 1249 1249 + /// Add a repo delete scope for one collection NSID. 1250 1250 + pub fn repo_delete(self, collection: impl AsRef<str>) -> Result<Self, ParseError> { 1251 1251 + Ok(self.scope(Scope::repo_delete(collection)?)) 1252 1252 + } 1253 1253 + 1254 1254 + /// Add a repo all-actions scope for one collection NSID. 1255 1255 + pub fn repo_collection(self, collection: impl AsRef<str>) -> Result<Self, ParseError> { 1256 1256 + Ok(self.scope(Scope::repo_collection(collection)?)) 1257 1257 + } 1258 1258 + 1259 1259 + /// Add a repo create scope for a collection type. 1260 1260 + pub fn repo_create_record<C: Collection>(self) -> Self { 1261 1261 + self.scope(Scope::repo_create_record::<C>()) 1262 1262 + } 1263 1263 + 1264 1264 + /// Add a repo update scope for a collection type. 1265 1265 + pub fn repo_update_record<C: Collection>(self) -> Self { 1266 1266 + self.scope(Scope::repo_update_record::<C>()) 1267 1267 + } 1268 1268 + 1269 1269 + /// Add a repo delete scope for a collection type. 1270 1270 + pub fn repo_delete_record<C: Collection>(self) -> Self { 1271 1271 + self.scope(Scope::repo_delete_record::<C>()) 1272 1272 + } 1273 1273 + 1274 1274 + /// Add a repo all-actions scope for a collection type. 1275 1275 + pub fn repo_all_record<C: Collection>(self) -> Self { 1276 1276 + self.scope(Scope::repo_all_record::<C>()) 1277 1277 + } 1278 1278 + 1279 1279 + /// Add an include permission-set scope. 1280 1280 + pub fn include(self, nsid: impl AsRef<str>) -> Result<Self, ParseError> { 1281 1281 + Ok(self.scope(Scope::include(nsid)?)) 1282 1282 + } 1283 1283 + 1284 1284 + /// Add an include permission-set scope with an audience. 1285 1285 + pub fn include_aud( 1286 1286 + self, 1287 1287 + nsid: impl AsRef<str>, 1288 1288 + aud: impl AsRef<str>, 1289 1289 + ) -> Result<Self, ParseError> { 1290 1290 + Ok(self.scope(Scope::include_aud(nsid, aud)?)) 1291 1291 + } 1292 1292 + 1293 1293 + /// Validate, reduce, and build the final scope container. 1294 1294 + pub fn build(self) -> Result<Scopes<SmolStr>, ParseError> { 1295 1295 + Scopes::from_scopes(self.scopes) 1296 1296 + } 808 1297 } 809 1298 810 1299 impl<S: Bos<str> + AsRef<str> + Default + FromStaticStr> Default for Scopes<S> { ··· 1142 1631 aud.push((start, start + 1)); 1143 1632 } 1144 1633 } else { 1145 1145 - jacquard_common::types::did::validate_did(value)?; 1634 1634 + validate_did_service(value)?; 1146 1635 if let Some(pos) = token.find(value) { 1147 1636 let start = base + pos as u16; 1148 1637 let end = start + value.len() as u16; ··· 1173 1662 aud.push((start, start + 1)); 1174 1663 } 1175 1664 } else { 1176 1176 - jacquard_common::types::did::validate_did(value)?; 1665 1665 + validate_did_service(value)?; 1177 1666 if let Some(pos) = token.find(value) { 1178 1667 let start = base + pos as u16; 1179 1668 let end = start + value.len() as u16; ··· 1253 1742 ) 1254 1743 })?; 1255 1744 1256 1256 - // Validate the DID portion (before any #). 1257 1257 - let did_part = decoded.split('#').next().unwrap_or(""); 1258 1258 - jacquard_common::types::did::validate_did(did_part)?; 1259 1259 - if decoded.contains('#') { 1260 1260 - let frag = decoded.split('#').nth(1).unwrap_or(""); 1261 1261 - if frag.is_empty() { 1262 1262 - return Err(ParseError::InvalidResource( 1263 1263 - "include audience fragment cannot be empty".to_smolstr(), 1264 1264 - )); 1265 1265 - } 1266 1266 - } 1745 1745 + validate_did_service(&decoded)?; 1267 1746 } else { 1268 1268 - // Unencoded: validate the DID portion before `#`. 1269 1269 - let did_part = aud_value.split('#').next().unwrap_or(""); 1270 1270 - jacquard_common::types::did::validate_did(did_part)?; 1271 1271 - if aud_value.contains('#') { 1272 1272 - let frag = aud_value.split('#').nth(1).unwrap_or(""); 1273 1273 - if frag.is_empty() { 1274 1274 - return Err(ParseError::InvalidResource( 1275 1275 - "include audience fragment cannot be empty".to_smolstr(), 1276 1276 - )); 1277 1277 - } 1278 1278 - } 1747 1747 + validate_did_service(aud_value)?; 1279 1748 } 1280 1749 1281 1750 // Find the audience's byte position in the token. ··· 1496 1965 if s == "*" { 1497 1966 aud_set.insert(RpcAudience::All); 1498 1967 } else { 1499 1499 - aud_set.insert(RpcAudience::Did(unsafe { Did::unchecked(s) })); 1968 1968 + aud_set.insert(RpcAudience::Did(unsafe { DidService::unchecked(s) })); 1500 1969 } 1501 1970 } 1502 1971 } ··· 1560 2029 "rpc", 1561 2030 "atproto", 1562 2031 "transition", 2032 2032 + "include", 1563 2033 "openid", 1564 2034 "profile", 1565 2035 "email", ··· 1599 2069 "rpc" => Self::parse_rpc(suffix), 1600 2070 "atproto" => Self::parse_atproto(suffix), 1601 2071 "transition" => Self::parse_transition(suffix), 2072 2072 + "include" => Self::parse_include(suffix), 1602 2073 "openid" => Self::parse_openid(suffix), 1603 2074 "profile" => Self::parse_profile(suffix), 1604 2075 "email" => Self::parse_email(suffix), ··· 1774 2245 if *value == "*" { 1775 2246 aud.insert(RpcAudience::All); 1776 2247 } else { 1777 1777 - aud.insert(RpcAudience::Did(Did::from_str(*value)?)); 2248 2248 + aud.insert(RpcAudience::Did(DidService::from_str(*value)?)); 1778 2249 } 1779 2250 } 1780 2251 } ··· 1792 2263 if *value == "*" { 1793 2264 aud.insert(RpcAudience::All); 1794 2265 } else { 1795 1795 - aud.insert(RpcAudience::Did(Did::from_str(*value)?)); 2266 2266 + aud.insert(RpcAudience::Did(DidService::from_str(*value)?)); 1796 2267 } 1797 2268 } 1798 2269 } ··· 1832 2303 }; 1833 2304 1834 2305 Ok(Scope::Transition(scope)) 2306 2306 + } 2307 2307 + 2308 2308 + fn parse_include<'a>(suffix: Option<&'a str>) -> Result<Self, ParseError> 2309 2309 + where 2310 2310 + S: FromStr, 2311 2311 + { 2312 2312 + let (nsid_str, params) = match suffix { 2313 2313 + Some(s) => { 2314 2314 + if let Some(pos) = s.find('?') { 2315 2315 + (&s[..pos], Some(&s[pos + 1..])) 2316 2316 + } else { 2317 2317 + (s, None) 2318 2318 + } 2319 2319 + } 2320 2320 + None => return Err(ParseError::MissingResource), 2321 2321 + }; 2322 2322 + 2323 2323 + let audience = if let Some(params) = params { 2324 2324 + let parsed_params = parse_query_string(params); 2325 2325 + parsed_params 2326 2326 + .get("aud") 2327 2327 + .and_then(|values| values.first()) 2328 2328 + .map(|audience| { 2329 2329 + let normalized = normalize_include_audience(audience)?; 2330 2330 + S::from_str(normalized.as_str()).map_err(|_| { 2331 2331 + ParseError::InvalidResource("invalid include audience".to_smolstr()) 2332 2332 + }) 2333 2333 + }) 2334 2334 + .transpose()? 2335 2335 + } else { 2336 2336 + None 2337 2337 + }; 2338 2338 + 2339 2339 + Ok(Scope::Include(IncludeScope { 2340 2340 + nsid: Nsid::from_str(nsid_str)?, 2341 2341 + audience, 2342 2342 + })) 1835 2343 } 1836 2344 1837 2345 fn parse_openid(suffix: Option<&str>) -> Result<Self, ParseError> { ··· 2246 2754 #[cfg(feature = "scope-check")] 2247 2755 pub fn expand_permission_set( 2248 2756 perm_set: &jacquard_lexicon::lexicon::LexPermissionSet<'static>, 2249 2249 - inherited_audience: Option<&Did<SmolStr>>, 2757 2757 + inherited_audience: Option<&DidService<SmolStr>>, 2250 2758 ) -> Result<Vec<Scope<SmolStr>>, PermissionSetConversionError> { 2251 2759 use jacquard_lexicon::lexicon::{LexPermission, LexPermissionResource}; 2252 2760 ··· 2382 2890 use super::*; 2383 2891 #[cfg(feature = "scope-check")] 2384 2892 use jacquard_common::CowStr; 2893 2893 + use jacquard_common::xrpc::{XrpcMethod, XrpcResp}; 2894 2894 + use serde::{Deserialize, Serialize}; 2895 2895 + 2896 2896 + #[derive(Debug, Serialize, Deserialize)] 2897 2897 + struct TestRequest; 2898 2898 + 2899 2899 + #[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize, thiserror::Error)] 2900 2900 + #[error("test error")] 2901 2901 + struct TestError; 2902 2902 + 2903 2903 + struct TestResponse; 2904 2904 + 2905 2905 + impl XrpcResp for TestResponse { 2906 2906 + const NSID: &'static str = "app.bsky.feed.getTimeline"; 2907 2907 + const ENCODING: &'static str = "application/json"; 2908 2908 + type Output<S: BosStr> = (); 2909 2909 + type Err = TestError; 2910 2910 + } 2911 2911 + 2912 2912 + impl XrpcRequest for TestRequest { 2913 2913 + const NSID: &'static str = "app.bsky.feed.getTimeline"; 2914 2914 + const METHOD: XrpcMethod = XrpcMethod::Query; 2915 2915 + type Response = TestResponse; 2916 2916 + } 2917 2917 + 2918 2918 + struct TestCollection; 2919 2919 + 2920 2920 + impl Collection for TestCollection { 2921 2921 + const NSID: &'static str = "app.bsky.feed.post"; 2922 2922 + type Record = TestResponse; 2923 2923 + } 2924 2924 + 2925 2925 + #[test] 2926 2926 + fn test_scope_constructors() { 2927 2927 + assert_eq!(Scope::atproto().to_string_normalized(), "atproto"); 2928 2928 + assert_eq!( 2929 2929 + Scope::identity_handle().to_string_normalized(), 2930 2930 + "identity:handle" 2931 2931 + ); 2932 2932 + assert_eq!( 2933 2933 + Scope::account_repo_manage().to_string_normalized(), 2934 2934 + "account:repo?action=manage" 2935 2935 + ); 2936 2936 + assert_eq!(Scope::repo_all().to_string_normalized(), "repo:*"); 2937 2937 + assert_eq!( 2938 2938 + Scope::repo_create("app.bsky.feed.post") 2939 2939 + .unwrap() 2940 2940 + .to_string_normalized(), 2941 2941 + "repo:app.bsky.feed.post?action=create" 2942 2942 + ); 2943 2943 + assert_eq!( 2944 2944 + Scope::rpc("app.bsky.feed.getTimeline") 2945 2945 + .unwrap() 2946 2946 + .to_string_normalized(), 2947 2947 + "rpc:app.bsky.feed.getTimeline" 2948 2948 + ); 2949 2949 + assert_eq!( 2950 2950 + Scope::rpc_aud( 2951 2951 + "app.bsky.feed.getTimeline", 2952 2952 + "did:plc:yfvwmnlztr4dwkb7hwz55r2g" 2953 2953 + ) 2954 2954 + .unwrap() 2955 2955 + .to_string_normalized(), 2956 2956 + "rpc?aud=did:plc:yfvwmnlztr4dwkb7hwz55r2g&lxm=app.bsky.feed.getTimeline" 2957 2957 + ); 2958 2958 + assert_eq!( 2959 2959 + Scope::include_aud("app.bsky.authFull", "did:web:example.com#svc") 2960 2960 + .unwrap() 2961 2961 + .to_string_normalized(), 2962 2962 + "include:app.bsky.authFull?aud=did:web:example.com%23svc" 2963 2963 + ); 2964 2964 + } 2965 2965 + 2966 2966 + #[test] 2967 2967 + fn test_endpoint_and_collection_scope_constructors() { 2968 2968 + assert_eq!( 2969 2969 + Scope::rpc_request::<TestRequest>().to_string_normalized(), 2970 2970 + "rpc:app.bsky.feed.getTimeline" 2971 2971 + ); 2972 2972 + assert_eq!( 2973 2973 + Scope::repo_create_record::<TestCollection>().to_string_normalized(), 2974 2974 + "repo:app.bsky.feed.post?action=create" 2975 2975 + ); 2976 2976 + assert_eq!( 2977 2977 + Scope::repo_all_record::<TestCollection>().to_string_normalized(), 2978 2978 + "repo:app.bsky.feed.post" 2979 2979 + ); 2980 2980 + } 2981 2981 + 2982 2982 + #[test] 2983 2983 + fn test_scopes_from_scopes_and_builder() { 2984 2984 + let scopes = Scopes::from_scopes([ 2985 2985 + Scope::repo_create("app.bsky.feed.post").unwrap(), 2986 2986 + Scope::repo_all(), 2987 2987 + Scope::atproto(), 2988 2988 + ]) 2989 2989 + .unwrap(); 2990 2990 + 2991 2991 + assert_eq!(scopes.to_normalized_string(), "atproto repo:*"); 2992 2992 + 2993 2993 + let built = Scopes::builder() 2994 2994 + .atproto() 2995 2995 + .transition_generic() 2996 2996 + .rpc_request::<TestRequest>() 2997 2997 + .repo_create_record::<TestCollection>() 2998 2998 + .include("app.bsky.authFull") 2999 2999 + .unwrap() 3000 3000 + .build() 3001 3001 + .unwrap(); 3002 3002 + 3003 3003 + assert_eq!( 3004 3004 + built.to_normalized_string(), 3005 3005 + "atproto include:app.bsky.authFull repo:app.bsky.feed.post?action=create rpc:app.bsky.feed.getTimeline transition:generic" 3006 3006 + ); 3007 3007 + } 3008 3008 + 3009 3009 + #[test] 3010 3010 + fn test_single_scope_include_parsing() { 3011 3011 + let scope: Scope = 3012 3012 + Scope::parse("include:app.bsky.authFull?aud=did:web:example.com#svc").unwrap(); 3013 3013 + assert_eq!( 3014 3014 + scope.to_string_normalized(), 3015 3015 + "include:app.bsky.authFull?aud=did:web:example.com%23svc" 3016 3016 + ); 3017 3017 + } 2385 3018 2386 3019 #[test] 2387 3020 fn test_account_scope_parsing() { ··· 2512 3145 Nsid::new_owned("com.example.service").unwrap(), 2513 3146 )); 2514 3147 aud.insert(RpcAudience::Did( 2515 2515 - Did::new_owned("did:plc:yfvwmnlztr4dwkb7hwz55r2g").unwrap(), 3148 3148 + DidService::new_owned("did:plc:yfvwmnlztr4dwkb7hwz55r2g").unwrap(), 2516 3149 )); 2517 3150 assert_eq!(scope, Scope::Rpc(RpcScope { lxm, aud })); 2518 3151 ··· 2528 3161 Nsid::new_owned("com.example.method2").unwrap(), 2529 3162 )); 2530 3163 aud.insert(RpcAudience::Did( 2531 2531 - Did::new_owned("did:plc:yfvwmnlztr4dwkb7hwz55r2g").unwrap(), 3164 3164 + DidService::new_owned("did:plc:yfvwmnlztr4dwkb7hwz55r2g").unwrap(), 2532 3165 )); 2533 3166 assert_eq!(scope, Scope::Rpc(RpcScope { lxm, aud })); 2534 3167 } ··· 4029 4662 permissions: perms, 4030 4663 }; 4031 4664 4032 4032 - let inherited_did = Did::new_static("did:web:example.com").unwrap(); 4665 4665 + let inherited_did = DidService::new_static("did:web:example.com").unwrap(); 4033 4666 let scopes = expand_permission_set(&perm_set, Some(&inherited_did)).unwrap(); 4034 4667 assert_eq!(scopes.len(), 1); 4035 4668 ··· 4053 4686 perms.push(LexPermission::Permission { 4054 4687 resource: LexPermissionResource::Rpc { 4055 4688 lxm: vec![Nsid::new_static("app.bsky.feed.getTimeline").unwrap()], 4056 4056 - aud: Some(Did::new_static("did:web:custom.com").unwrap()), 4689 4689 + aud: Some(DidService::new_static("did:web:custom.com").unwrap()), 4057 4690 inherit_aud: None, 4058 4691 }, 4059 4692 });

+70 -1

crates/jacquard-oauth/src/types.rs

Reviewed

··· 4 4 mod response; 5 5 mod token; 6 6 7 7 - use crate::scopes::Scopes; 7 7 + use crate::scopes::{ParseError, Scope, Scopes}; 8 8 9 9 pub use self::client_metadata::*; 10 10 pub use self::metadata::*; ··· 107 107 pub fn with_scopes(mut self, scopes: Scopes<S>) -> Self { 108 108 self.scopes = scopes; 109 109 self 110 110 + } 111 111 + } 112 112 + 113 113 + impl AuthorizeOptions<DefaultStr> { 114 114 + /// Parse and set OAuth scopes from a space-separated scope string. 115 115 + pub fn with_scope_str(mut self, scopes: impl AsRef<str>) -> Result<Self, ParseError> { 116 116 + self.scopes = Scopes::new(SmolStr::new(scopes.as_ref()))?; 117 117 + Ok(self) 118 118 + } 119 119 + 120 120 + /// Set OAuth scopes from one typed scope. 121 121 + pub fn with_scope(self, scope: Scope<SmolStr>) -> Result<Self, ParseError> { 122 122 + self.with_scope_iter([scope]) 123 123 + } 124 124 + 125 125 + /// Set OAuth scopes from typed scope values. 126 126 + pub fn with_scope_iter<I>(mut self, scopes: I) -> Result<Self, ParseError> 127 127 + where 128 128 + I: IntoIterator<Item = Scope<SmolStr>>, 129 129 + { 130 130 + self.scopes = Scopes::from_scopes(scopes)?; 131 131 + Ok(self) 132 132 + } 133 133 + } 134 134 + 135 135 + #[cfg(test)] 136 136 + mod tests { 137 137 + use super::*; 138 138 + 139 139 + #[test] 140 140 + fn authorize_options_accept_scope_string() { 141 141 + let opts = AuthorizeOptions::default() 142 142 + .with_scope_str("rpc:* atproto") 143 143 + .unwrap(); 144 144 + 145 145 + assert_eq!(opts.scopes.to_normalized_string(), "atproto rpc:*"); 146 146 + } 147 147 + 148 148 + #[test] 149 149 + fn authorize_options_accept_typed_scopes() { 150 150 + let opts = AuthorizeOptions::default() 151 151 + .with_scope_iter([ 152 152 + Scope::atproto(), 153 153 + Scope::rpc("app.bsky.feed.getTimeline").unwrap(), 154 154 + Scope::repo_create("app.bsky.feed.post").unwrap(), 155 155 + ]) 156 156 + .unwrap(); 157 157 + 158 158 + assert_eq!( 159 159 + opts.scopes.to_normalized_string(), 160 160 + "atproto repo:app.bsky.feed.post?action=create rpc:app.bsky.feed.getTimeline" 161 161 + ); 162 162 + } 163 163 + 164 164 + #[test] 165 165 + fn authorize_options_accept_built_scopes() { 166 166 + let scopes = Scopes::builder() 167 167 + .atproto() 168 168 + .transition_generic() 169 169 + .rpc("app.bsky.feed.getTimeline") 170 170 + .unwrap() 171 171 + .build() 172 172 + .unwrap(); 173 173 + let opts = AuthorizeOptions::default().with_scopes(scopes); 174 174 + 175 175 + assert_eq!( 176 176 + opts.scopes.to_normalized_string(), 177 177 + "atproto rpc:app.bsky.feed.getTimeline transition:generic" 178 178 + ); 110 179 } 111 180 } 112 181

+2 -2

crates/jacquard/tests/scope_check.rs

Reviewed

··· 8 8 use jacquard::client::Agent; 9 9 use jacquard::deps::fluent_uri::Uri; 10 10 use jacquard::types::did::Did; 11 11 - use jacquard::types::string::Nsid; 11 11 + use jacquard::types::string::{DidService, Nsid}; 12 12 use jacquard::xrpc::XrpcClient; 13 13 use jacquard::{BosStr, IntoStatic}; 14 14 use jacquard_common::http_client::HttpClient; ··· 592 592 )); 593 593 let mut aud = BTreeSet::new(); 594 594 aud.insert(RpcAudience::Did( 595 595 - Did::<SmolStr>::new_static("did:web:api.bsky.app").unwrap(), 595 595 + DidService::<SmolStr>::new_static("did:web:api.bsky.app").unwrap(), 596 596 )); 597 597 let resolved_scopes = Some(vec![Scope::Rpc(RpcScope { lxm, aud })]); 598 598

+12 -16

examples/axum_oauth_session.rs

Reviewed

··· 45 45 client::{Agent, FileAuthStore}, 46 46 common::deps::{fluent_uri::Uri, smol_str::SmolStr}, 47 47 oauth::{ 48 48 - atproto::{AtprotoClientMetadata, GrantType}, 49 49 - client::OAuthClient, 50 50 - keyset::Keyset, 51 51 - scopes::Scopes, 48 48 + atproto::AtprotoClientMetadata, client::OAuthClient, keyset::Keyset, scopes::Scopes, 52 49 session::ClientData, 53 50 }, 54 51 xrpc::XrpcClient, ··· 279 276 .map_err(|(err, _)| miette!("invalid client metadata URL: {err}"))?; 280 277 let redirect_uri = Uri::parse(format!("{base_url}/oauth/callback")) 281 278 .map_err(|(err, _)| miette!("invalid OAuth callback URL: {err}"))?; 282 282 - let scopes = Scopes::new(SmolStr::new_static("atproto rpc:*")) 279 279 + // The atproto scope-builder guide can help choose a suitable scope string: 280 280 + // https://atproto.com/guides/scope-builder. The typed builder below is the 281 281 + // Jacquard equivalent for code, and keeps the XRPC NSID tied to the endpoint type. 282 282 + let scopes = Scopes::builder() 283 283 + .atproto() 284 284 + .rpc_request_aud::<GetTimeline>("did:web:public.api.bsky.app#bsky_appview")? 285 285 + .build() 283 286 .map_err(|err| miette!("invalid OAuth scopes: {err}"))?; 284 287 285 285 - Ok(AtprotoClientMetadata { 288 288 + Ok(AtprotoClientMetadata::new( 289 289 + vec![redirect_uri], 286 290 client_id, 287 287 - client_uri: Some(client_uri), 288 288 - redirect_uris: vec![redirect_uri], 289 289 - grant_types: vec![GrantType::AuthorizationCode, GrantType::RefreshToken], 290 290 - scopes, 291 291 - jwks_uri: None, 292 292 - client_name: Some(SmolStr::new_static("Jacquard Axum OAuth example")), 293 293 - logo_uri: None, 294 294 - tos_uri: None, 295 295 - privacy_policy_uri: None, 296 296 - }) 291 291 + Some(scopes), 292 292 + )) 297 293 } 298 294 299 295 #[derive(Debug)]

+9 -1

examples/create_post.rs

Reviewed

··· 7 7 use jacquard::oauth::types::AuthorizeOptions; 8 8 use jacquard::richtext::RichText; 9 9 use jacquard::types::string::Datetime; 10 10 + use jacquard_oauth::scopes::Scopes; 10 11 11 12 #[derive(Parser, Debug)] 12 13 #[command( ··· 36 37 let Some(session) = oauth 37 38 .resume_or_login_with_local_server( 38 39 &hint, 39 39 - AuthorizeOptions::default(), 40 40 + AuthorizeOptions::default().with_scopes( 41 41 + Scopes::builder() 42 42 + .include_aud( 43 43 + "app.bsky.authCreatePosts", 44 44 + "did:web:public.api.bsky.app#bsky_appview", 45 45 + )? 46 46 + .build()?, 47 47 + ), 40 48 LoopbackConfig::default(), 41 49 ) 42 50 .await?

+4 -1

examples/create_whitewind_post.rs

Reviewed

··· 7 7 use jacquard::oauth::types::AuthorizeOptions; 8 8 use jacquard::types::string::Datetime; 9 9 use jacquard_common::deps::fluent_uri::Uri; 10 10 + use jacquard_oauth::scopes::Scopes; 10 11 use miette::IntoDiagnostic; 11 12 12 13 #[derive(Parser, Debug)] ··· 41 42 let Some(session) = oauth 42 43 .resume_or_login_with_local_server( 43 44 &hint, 44 44 - AuthorizeOptions::default(), 45 45 + AuthorizeOptions::default() 46 46 + // repo record creation scoped to the 'com.whtwnd.blog.entry' NSID 47 47 + .with_scopes(Scopes::builder().repo_create_record::<Entry>().build()?), 45 48 LoopbackConfig::default(), 46 49 ) 47 50 .await?

+12 -5

examples/moderated_timeline.rs

Reviewed

··· 12 12 use jacquard::oauth::types::AuthorizeOptions; 13 13 use jacquard::xrpc::{CallOptions, XrpcClient}; 14 14 use jacquard_api::app_bsky::feed::{ReplyRefParent, ReplyRefRoot}; 15 15 - use jacquard_api::app_bsky::labeler::get_services::GetServicesOutputViewsItem; 15 15 + use jacquard_api::app_bsky::labeler::get_services::{GetServices, GetServicesOutputViewsItem}; 16 16 + use jacquard_oauth::scopes::Scopes; 16 17 use smol_str::ToSmolStr; 17 18 18 19 // To save having to fetch prefs, etc., we're borrowing some from our test cases. ··· 71 72 let Some(session) = oauth 72 73 .resume_or_login_with_local_server( 73 74 &hint, 74 74 - AuthorizeOptions::default(), 75 75 + AuthorizeOptions::default().with_scopes( 76 76 + Scopes::builder() 77 77 + .atproto() 78 78 + .rpc_request_aud::<GetTimeline>("did:web:api.bsky.app#bsky_appview")? 79 79 + .rpc_request_aud::<GetServices>("did:web:api.bsky.app#bsky_appview")? 80 80 + .build()?, 81 81 + ), 75 82 LoopbackConfig::default(), 76 83 ) 77 84 .await? ··· 144 151 .ok() 145 152 .map(|p| p.text.to_string()) 146 153 .unwrap_or_else(|| "<no text>".to_string()); 147 147 - println!("@{}:\n{}", root.author.handle, root_text); 154 154 + println!("@{}:\n{}\n", root.author.handle, root_text); 148 155 } 149 156 } 150 157 let parent_text = from_data::<Post, _>(&parent.record) 151 158 .ok() 152 159 .map(|p| p.text.to_string()) 153 160 .unwrap_or_else(|| "<no text>".to_string()); 154 154 - println!("@{}:\n{}", parent.author.handle, parent_text); 161 161 + println!("@{}:\n{}\n", parent.author.handle, parent_text); 155 162 } 156 163 } 157 157 - println!("@{}:\n{}", post.author.handle, text); 164 164 + println!("@{}:\n{}\n", post.author.handle, text); 158 165 159 166 // Show details for any part with moderation causes 160 167 for (tag, decision) in decisions.iter() {

+18 -4

examples/oauth_timeline.rs

Reviewed

··· 10 10 use jacquard::oauth::client::OAuthResumeOrLogin; 11 11 #[cfg(feature = "loopback")] 12 12 use jacquard::oauth::loopback::LoopbackConfig; 13 13 + use jacquard::oauth::scopes::Scopes; 13 14 use jacquard::oauth::types::AuthorizeOptions; 14 15 #[cfg(not(feature = "loopback"))] 15 16 use jacquard::oauth::types::CallbackParams; ··· 44 45 // Build an OAuth client (this is reusable, and can create multiple sessions). 45 46 let oauth = OAuthClient::new(store, client_data, reqwest::Client::new()); 46 47 let hint = SessionHint::from_optional_input(args.input.as_deref()); 48 48 + // The atproto docs include a scope string builder for choosing permissions: 49 49 + // https://atproto.com/guides/scope-builder. In Jacquard code, use typed 50 50 + // helpers when possible so scope NSIDs stay tied to endpoint types. 51 51 + let timeline_scopes = Scopes::builder() 52 52 + .atproto() 53 53 + .rpc_request_aud::<GetTimeline>("did:web:api.bsky.app#bsky_appview")? 54 54 + .build()?; 47 55 48 56 #[cfg(feature = "loopback")] 49 57 let session = match oauth 50 58 .resume_or_login_with_local_server( 51 59 &hint, 52 52 - AuthorizeOptions::default(), 60 60 + AuthorizeOptions::default().with_scopes(timeline_scopes.clone()), 53 61 LoopbackConfig::default(), 54 62 ) 55 63 .await? ··· 60 68 oauth 61 69 .login_with_local_server( 62 70 input, 63 63 - AuthorizeOptions::default(), 71 71 + AuthorizeOptions::default().with_scopes(timeline_scopes.clone()), 64 72 LoopbackConfig::default(), 65 73 ) 66 74 .await? ··· 69 77 70 78 #[cfg(not(feature = "loopback"))] 71 79 let session = match oauth 72 72 - .resume_or_start_auth(&hint, AuthorizeOptions::default()) 80 80 + .resume_or_start_auth( 81 81 + &hint, 82 82 + AuthorizeOptions::default().with_scopes(timeline_scopes.clone()), 83 83 + ) 73 84 .await 74 85 { 75 86 Ok(OAuthResumeOrLogin::Resumed(session)) => session, ··· 77 88 Ok(OAuthResumeOrLogin::NeedsInput) => { 78 89 let input = prompt_login_input(&args.store)?; 79 90 match oauth 80 80 - .resume_or_start_auth_for(input, AuthorizeOptions::default()) 91 91 + .resume_or_start_auth_for( 92 92 + input, 93 93 + AuthorizeOptions::default().with_scopes(timeline_scopes.clone()), 94 94 + ) 81 95 .await? 82 96 { 83 97 OAuthResumeOrLogin::Resumed(session) => session,

+9 -1

examples/post_with_image.rs

Reviewed

··· 8 8 use jacquard::oauth::types::AuthorizeOptions; 9 9 use jacquard::types::blob::MimeType; 10 10 use jacquard::types::string::Datetime; 11 11 + use jacquard_oauth::scopes::Scopes; 11 12 use miette::IntoDiagnostic; 12 13 use smol_str::SmolStr; 13 14 use std::path::PathBuf; ··· 44 45 let Some(session) = oauth 45 46 .resume_or_login_with_local_server( 46 47 &hint, 47 47 - AuthorizeOptions::default(), 48 48 + AuthorizeOptions::default().with_scopes( 49 49 + Scopes::builder() 50 50 + .include_aud( 51 51 + "app.bsky.authCreatePosts", 52 52 + "did:web:public.api.bsky.app#bsky_appview", 53 53 + )? 54 54 + .build()?, 55 55 + ), 48 56 LoopbackConfig::default(), 49 57 ) 50 58 .await?

+9 -1

examples/update_preferences.rs

Reviewed

··· 7 7 use jacquard::oauth::client::OAuthClient; 8 8 use jacquard::oauth::loopback::LoopbackConfig; 9 9 use jacquard::oauth::types::AuthorizeOptions; 10 10 + use jacquard_oauth::scopes::Scopes; 10 11 11 12 #[derive(Parser, Debug)] 12 13 #[command(author, version, about = "Update Bluesky preferences")] ··· 32 33 let Some(session) = oauth 33 34 .resume_or_login_with_local_server( 34 35 &hint, 35 35 - AuthorizeOptions::default(), 36 36 + AuthorizeOptions::default().with_scopes( 37 37 + Scopes::builder() 38 38 + .include_aud( 39 39 + "app.bsky.authFullApp", 40 40 + "did:web:public.api.bsky.app#bsky_appview", 41 41 + )? 42 42 + .build()?, 43 43 + ), 36 44 LoopbackConfig::default(), 37 45 ) 38 46 .await?

+9 -1

examples/update_profile.rs

Reviewed

··· 6 6 use jacquard::oauth::loopback::LoopbackConfig; 7 7 use jacquard::oauth::types::AuthorizeOptions; 8 8 use jacquard::types::string::AtUri; 9 9 + use jacquard_oauth::scopes::Scopes; 9 10 use smol_str::SmolStr; 10 11 11 12 #[derive(Parser, Debug)] ··· 36 37 let Some(session) = oauth 37 38 .resume_or_login_with_local_server( 38 39 &hint, 39 39 - AuthorizeOptions::default(), 40 40 + AuthorizeOptions::default().with_scopes( 41 41 + Scopes::builder() 42 42 + .include_aud( 43 43 + "app.bsky.authManageProfile", 44 44 + "did:web:public.api.bsky.app#bsky_appview", 45 45 + )? 46 46 + .build()?, 47 47 + ), 40 48 LoopbackConfig::default(), 41 49 ) 42 50 .await?