Bluesky OAuthlient, with Vanilla JavaScript-JS Tutorial-php.cn

Home

Web Front-end

JS Tutorial

Bluesky OAuthlient, with Vanilla JavaScript

Susan Sarandon

Jan 22, 2025 am 08:34 AM

This post details integrating Bluesky Authentication (OAuth DPoP) into a serverless client application using only Vanilla JavaScript. It's a conceptual illustration, not a fully functional example due to token expiration.

Bluesky OAuthlient, with Vanilla JavaScript

Introduction

We'll explore how to implement Bluesky authentication in a JavaScript application without relying on external frameworks.

Disclaimer

This is a tutorial demonstrating the process. Due to the ephemeral nature of authentication tokens, it won't function as a standalone, perpetually working example. Please report any errors.

OAuth Authentication

For a serverless application requiring user authentication, we can leverage a third-party authority like Bluesky. This uses the OAuth 2.0 protocol. More details on Bluesky's OAuth implementation can be found in the OAuth - AT Protocol documentation.

Client Metadata

To utilize Bluesky authentication, our application needs to be recognized by Bluesky's authentication servers. This is achieved via a client metadata file (e.g., client-metadata.json) containing application information. This allows for automated client registration, eliminating the need for manual server registration. The metadata file must be accessible via HTTPS.

An example metadata file (accessible at https://www.php.cn/link/db817217c5d9b196aa39cfeb0ce889e4):

{
  "client_id":"https://www.php.cn/link/db817217c5d9b196aa39cfeb0ce889e4",
  "application_type":"web",
  "grant_types":[
    "authorization_code",
    "refresh_token"
  ],
  "scope":"atproto transition:generic transition:chat.bsky",
  "response_types":[
    "code id_token",
    "code"
  ],
  "redirect_uris":[
    "https://madrilenyer.neocities.org/bsky/oauth/callback/"
  ],
  "dpop_bound_access_tokens":true,
  "token_endpoint_auth_method":"none",
  "client_name":"Madrilenyer Example Browser App",
  "client_uri":"https://madrilenyer.neocities.org/bsky/"
}

This file describes our application to the Bluesky authentication servers.

Core Authentication Requirements

To authenticate a user, we minimally require their Bluesky handle. The handle is the portion of the Bluesky profile URL after https://bsky.app/profile/.

Retrieving User Data

Retrieve DID: Given a user's handle, we can fetch their Decentralized Identifier (DID) using an API call (e.g., https://bsky.social/xrpc/com.atproto.identity.resolveHandle?handle=<handle></handle>).
Retrieve DID Document: Using the DID, we retrieve the DID Document from the PLC API (https://plc.directory/<did></did>). This document contains the user's PDS (Personal Data Server) URL.
Retrieve PDS Metadata: The PDS URL (serviceEndpoint in the DID Document) is used to fetch the PDS metadata from /.well-known/oauth-protected-resource. This metadata provides the authorization server URL.
Authorization Server Discovery: The authorization server URL is used to retrieve its metadata from /.well-known/oauth-authorization-server. This metadata contains crucial endpoints like the authorization endpoint, token endpoint, and pushed authorization request (PAR) endpoint.

The subsequent steps involve using the discovered endpoints and PKCE (Proof Key for Code Exchange) to obtain the user's access token, a process involving PAR requests, DPoP (Demonstrate Proof of Possession) for enhanced security, and handling redirects. The detailed Javascript code for these steps, while omitted for brevity, would involve making several API calls and handling the responses. The official Bluesky TypeScript client is a more robust and recommended alternative for production applications.

The above is the detailed content of Bluesky OAuthlient, with Vanilla JavaScript. For more information, please follow other related articles on the PHP Chinese website!

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Replace String Characters in JavaScriptMar 11, 2025 am 12:07 AM

Detailed explanation of JavaScript string replacement method and FAQ This article will explore two ways to replace string characters in JavaScript: internal JavaScript code and internal HTML for web pages. Replace string inside JavaScript code The most direct way is to use the replace() method: str = str.replace("find","replace"); This method replaces only the first match. To replace all matches, use a regular expression and add the global flag g: str = str.replace(/fi

Custom Google Search API Setup TutorialMar 04, 2025 am 01:06 AM

This tutorial shows you how to integrate a custom Google Search API into your blog or website, offering a more refined search experience than standard WordPress theme search functions. It's surprisingly easy! You'll be able to restrict searches to y

8 Stunning jQuery Page Layout PluginsMar 06, 2025 am 12:48 AM

Leverage jQuery for Effortless Web Page Layouts: 8 Essential Plugins jQuery simplifies web page layout significantly. This article highlights eight powerful jQuery plugins that streamline the process, particularly useful for manual website creation

Build Your Own AJAX Web ApplicationsMar 09, 2025 am 12:11 AM

So here you are, ready to learn all about this thing called AJAX. But, what exactly is it? The term AJAX refers to a loose grouping of technologies that are used to create dynamic, interactive web content. The term AJAX, originally coined by Jesse J

What is 'this' in JavaScript?Mar 04, 2025 am 01:15 AM

Core points This in JavaScript usually refers to an object that "owns" the method, but it depends on how the function is called. When there is no current object, this refers to the global object. In a web browser, it is represented by window. When calling a function, this maintains the global object; but when calling an object constructor or any of its methods, this refers to an instance of the object. You can change the context of this using methods such as call(), apply(), and bind(). These methods call the function using the given this value and parameters. JavaScript is an excellent programming language. A few years ago, this sentence was

10 Mobile Cheat Sheets for Mobile DevelopmentMar 05, 2025 am 12:43 AM

This post compiles helpful cheat sheets, reference guides, quick recipes, and code snippets for Android, Blackberry, and iPhone app development. No developer should be without them! Touch Gesture Reference Guide (PDF) A valuable resource for desig

Improve Your jQuery Knowledge with the Source ViewerMar 05, 2025 am 12:54 AM

jQuery is a great JavaScript framework. However, as with any library, sometimes it’s necessary to get under the hood to discover what’s going on. Perhaps it’s because you’re tracing a bug or are just curious about how jQuery achieves a particular UI

How do I create and publish my own JavaScript libraries?Mar 18, 2025 pm 03:12 PM

Article discusses creating, publishing, and maintaining JavaScript libraries, focusing on planning, development, testing, documentation, and promotion strategies.

See all articles