atproto-oauth-example
Securely connect with confidence using a Bluesky OAuth client.
Pitch

This project showcases an example implementation of an AT Protocol (Bluesky) OAuth client with a focus on simplicity and versatility. Built using Astro, it operates without the AT Protocol SDK, allowing for deployment across various environments. With features like confidential OAuth clients and JWT authentication, it is designed for robust security and smooth integration.

Description

This repository features an example implementation of an AT Protocol (Bluesky) OAuth client, built with Astro. This implementation does not rely on the AT Protocol SDK and avoids Node-specific APIs, apart from process.env. This keeps it compatible with various runtimes, including Cloudflare Workers, providing flexibility in deployment.

Key Features:

  • Confidential OAuth Clients: When deployed, this example acts as a confidential OAuth client, which must authenticate using signed JWTs.
  • Secure Signatures: The JWTs are signed with ECDSA using the P-256 curve.

Getting Started:

To see this in action, you can easily set up the example locally by installing dependencies and starting the server:

pnpm i
pnpm dev

Deployment Essentials:

For production, you will need to generate a private and public key pair using openssl. The commands to create these keys are as follows:

openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 -pkeyopt ec_param_enc:named_curve | openssl pkcs8 -topk8 -nocrypt -outform pem > oauth-private-key.pem
openssl ec -in oauth-private-key.pem -pubout > oauth-public-key.pem

These commands produce two files: oauth-private-key.pem and oauth-public-key.pem. Set the keys as environment variables:

OAUTH_PRIVATE_KEY="[Your_Private_Key_Base64_String]"
OAUTH_PUBLIC_KEY="[Your_Public_Key_Base64_String]"

Also set OAUTH_KEY_PAIR_ID to a user-friendly identifier:

OAUTH_KEY_PAIR_ID="your_key_pair_id"

Finally, configure your site's public URL to finalize the setup:

PUBLIC_URL="https://yourwebsite.com"
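
The signed-JWT client authentication from the feature list and the PKCS#8 P-256 key from the openssl commands come together in the following added example, which is not code from this repository: it imports a PEM private key with Web Crypto, signs an ES256 client assertion, and verifies it with the public key. The RFC 7523 claim set, the use of OAUTH_KEY_PAIR_ID as the kid header, the client_id path and the audience URL are assumptions.

```javascript
// Added example, not the repository's code. Uses Web Crypto only, so it also runs on Workers.
const subtle = (globalThis.crypto ?? require("node:crypto").webcrypto).subtle; // fallback: old Node
const EC = { name: "ECDSA", namedCurve: "P-256" };
const SIG = { name: "ECDSA", hash: "SHA-256" };
const enc = new TextEncoder();
const fromB64 = (s) => Uint8Array.from(atob(s), (c) => c.charCodeAt(0));
const toB64 = (buf) => btoa(String.fromCharCode(...new Uint8Array(buf)));
const b64url = (buf) => toB64(buf).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
const unb64url = (s) => fromB64(s.replace(/-/g, "+").replace(/_/g, "/"));

// Import the PKCS#8 PEM produced by the openssl command as a non-extractable signing key.
async function importPrivateKeyPem(pem) {
  const der = fromB64(pem.replace(/-----[^-]+-----|\s/g, ""));
  return subtle.importKey("pkcs8", der, EC, false, ["sign"]);
}

// Sign a client assertion. Claims follow RFC 7523; using the key pair id as `kid` is an assumption.
// Web Crypto returns the raw 64-byte r||s signature that JWS ES256 expects, not a DER encoding.
async function signClientAssertion(key, { kid, clientId, audience, now, jti }) {
  const header = { alg: "ES256", typ: "JWT", kid };
  const claims = { iss: clientId, sub: clientId, aud: audience, jti, iat: now, exp: now + 60 };
  const input = [header, claims].map((o) => b64url(enc.encode(JSON.stringify(o)))).join(".");
  return `${input}.${b64url(await subtle.sign(SIG, key, enc.encode(input)))}`;
}

// Return the claims if the signature verifies under the public key, otherwise null.
async function verifyAssertion(publicKey, jwt) {
  const [h, p, s] = jwt.split(".");
  const ok = await subtle.verify(SIG, publicKey, unb64url(s), enc.encode(`${h}.${p}`));
  return ok ? JSON.parse(new TextDecoder().decode(unb64url(p))) : null;
}

// Constructed demo: a throwaway key pair generated in memory and round-tripped through PEM.
async function demo() {
  const pair = await subtle.generateKey(EC, true, ["sign", "verify"]);
  const body = toB64(await subtle.exportKey("pkcs8", pair.privateKey));
  const pem = `-----BEGIN PRIVATE KEY-----\n${body}\n-----END PRIVATE KEY-----\n`;
  const jwt = await signClientAssertion(await importPrivateKeyPem(pem), {
    kid: "your_key_pair_id",                                  // OAUTH_KEY_PAIR_ID
    clientId: "https://yourwebsite.com/client-metadata.json", // hypothetical path under PUBLIC_URL
    audience: "https://auth.example",                         // hypothetical authorization server
    now: 1700000000, jti: "constructed-jti-1",                // fixed values for a repeatable demo
  });
  const forged = jwt.replace(/\.[^.]+\./, `.${b64url(enc.encode('{"iss":"other-client"}'))}.`);
  return { jwt, claims: await verifyAssertion(pair.publicKey, jwt),
           forged: await verifyAssertion(pair.publicKey, forged) };
}
```

In a deployment, pass the current Unix time as now and a fresh random value as jti so each assertion is short-lived and single-use.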

This example aims to streamline the integration of the AT Protocol's OAuth functionality into your application, paving the way for secure user authentication across various platforms.