Bluesky OAuthlient, with Vanilla JavaScript-JS Tutorial-php.cn

Home

Web Front-end

JS Tutorial

Bluesky OAuthlient, with Vanilla JavaScript

Susan Sarandon

Jan 22, 2025 am 08:34 AM

This post details integrating Bluesky Authentication (OAuth DPoP) into a serverless client application using only Vanilla JavaScript. It's a conceptual illustration, not a fully functional example due to token expiration.

Bluesky OAuthlient, with Vanilla JavaScript

Introduction

We'll explore how to implement Bluesky authentication in a JavaScript application without relying on external frameworks.

Disclaimer

This is a tutorial demonstrating the process. Due to the ephemeral nature of authentication tokens, it won't function as a standalone, perpetually working example. Please report any errors.

OAuth Authentication

For a serverless application requiring user authentication, we can leverage a third-party authority like Bluesky. This uses the OAuth 2.0 protocol. More details on Bluesky's OAuth implementation can be found in the OAuth - AT Protocol documentation.

Client Metadata

To utilize Bluesky authentication, our application needs to be recognized by Bluesky's authentication servers. This is achieved via a client metadata file (e.g., client-metadata.json) containing application information. This allows for automated client registration, eliminating the need for manual server registration. The metadata file must be accessible via HTTPS.

An example metadata file (accessible at https://www.php.cn/link/db817217c5d9b196aa39cfeb0ce889e4):

{
  "client_id":"https://www.php.cn/link/db817217c5d9b196aa39cfeb0ce889e4",
  "application_type":"web",
  "grant_types":[
    "authorization_code",
    "refresh_token"
  ],
  "scope":"atproto transition:generic transition:chat.bsky",
  "response_types":[
    "code id_token",
    "code"
  ],
  "redirect_uris":[
    "https://madrilenyer.neocities.org/bsky/oauth/callback/"
  ],
  "dpop_bound_access_tokens":true,
  "token_endpoint_auth_method":"none",
  "client_name":"Madrilenyer Example Browser App",
  "client_uri":"https://madrilenyer.neocities.org/bsky/"
}

This file describes our application to the Bluesky authentication servers.

Core Authentication Requirements

To authenticate a user, we minimally require their Bluesky handle. The handle is the portion of the Bluesky profile URL after https://bsky.app/profile/.

Retrieving User Data

Retrieve DID: Given a user's handle, we can fetch their Decentralized Identifier (DID) using an API call (e.g., https://bsky.social/xrpc/com.atproto.identity.resolveHandle?handle=<handle></handle>).
Retrieve DID Document: Using the DID, we retrieve the DID Document from the PLC API (https://plc.directory/<did></did>). This document contains the user's PDS (Personal Data Server) URL.
Retrieve PDS Metadata: The PDS URL (serviceEndpoint in the DID Document) is used to fetch the PDS metadata from /.well-known/oauth-protected-resource. This metadata provides the authorization server URL.
Authorization Server Discovery: The authorization server URL is used to retrieve its metadata from /.well-known/oauth-authorization-server. This metadata contains crucial endpoints like the authorization endpoint, token endpoint, and pushed authorization request (PAR) endpoint.

The subsequent steps involve using the discovered endpoints and PKCE (Proof Key for Code Exchange) to obtain the user's access token, a process involving PAR requests, DPoP (Demonstrate Proof of Possession) for enhanced security, and handling redirects. The detailed Javascript code for these steps, while omitted for brevity, would involve making several API calls and handling the responses. The official Bluesky TypeScript client is a more robust and recommended alternative for production applications.

The above is the detailed content of Bluesky OAuthlient, with Vanilla JavaScript. For more information, please follow other related articles on the PHP Chinese website!

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Is JavaScript Written in C? Examining the EvidenceApr 25, 2025 am 12:15 AM

Yes, the engine core of JavaScript is written in C. 1) The C language provides efficient performance and underlying control, which is suitable for the development of JavaScript engine. 2) Taking the V8 engine as an example, its core is written in C, combining the efficiency and object-oriented characteristics of C. 3) The working principle of the JavaScript engine includes parsing, compiling and execution, and the C language plays a key role in these processes.

JavaScript's Role: Making the Web Interactive and DynamicApr 24, 2025 am 12:12 AM

JavaScript is at the heart of modern websites because it enhances the interactivity and dynamicity of web pages. 1) It allows to change content without refreshing the page, 2) manipulate web pages through DOMAPI, 3) support complex interactive effects such as animation and drag-and-drop, 4) optimize performance and best practices to improve user experience.

C and JavaScript: The Connection ExplainedApr 23, 2025 am 12:07 AM

C and JavaScript achieve interoperability through WebAssembly. 1) C code is compiled into WebAssembly module and introduced into JavaScript environment to enhance computing power. 2) In game development, C handles physics engines and graphics rendering, and JavaScript is responsible for game logic and user interface.

From Websites to Apps: The Diverse Applications of JavaScriptApr 22, 2025 am 12:02 AM

JavaScript is widely used in websites, mobile applications, desktop applications and server-side programming. 1) In website development, JavaScript operates DOM together with HTML and CSS to achieve dynamic effects and supports frameworks such as jQuery and React. 2) Through ReactNative and Ionic, JavaScript is used to develop cross-platform mobile applications. 3) The Electron framework enables JavaScript to build desktop applications. 4) Node.js allows JavaScript to run on the server side and supports high concurrent requests.

Python vs. JavaScript: Use Cases and Applications ComparedApr 21, 2025 am 12:01 AM

Python is more suitable for data science and automation, while JavaScript is more suitable for front-end and full-stack development. 1. Python performs well in data science and machine learning, using libraries such as NumPy and Pandas for data processing and modeling. 2. Python is concise and efficient in automation and scripting. 3. JavaScript is indispensable in front-end development and is used to build dynamic web pages and single-page applications. 4. JavaScript plays a role in back-end development through Node.js and supports full-stack development.

The Role of C/C in JavaScript Interpreters and CompilersApr 20, 2025 am 12:01 AM

C and C play a vital role in the JavaScript engine, mainly used to implement interpreters and JIT compilers. 1) C is used to parse JavaScript source code and generate an abstract syntax tree. 2) C is responsible for generating and executing bytecode. 3) C implements the JIT compiler, optimizes and compiles hot-spot code at runtime, and significantly improves the execution efficiency of JavaScript.

JavaScript in Action: Real-World Examples and ProjectsApr 19, 2025 am 12:13 AM

JavaScript's application in the real world includes front-end and back-end development. 1) Display front-end applications by building a TODO list application, involving DOM operations and event processing. 2) Build RESTfulAPI through Node.js and Express to demonstrate back-end applications.

JavaScript and the Web: Core Functionality and Use CasesApr 18, 2025 am 12:19 AM

The main uses of JavaScript in web development include client interaction, form verification and asynchronous communication. 1) Dynamic content update and user interaction through DOM operations; 2) Client verification is carried out before the user submits data to improve the user experience; 3) Refreshless communication with the server is achieved through AJAX technology.

See all articles