Implement flow for reauthenticating the user to request additional scopes #266
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
The latest updates on your projects. Learn more about Vercel for GitHub.
3 Skipped Deployments
|
vercel
bot
temporarily deployed
to
Preview – frontpage-oauth-preview-client
vercel
bot
temporarily deployed
to
Preview – frontpage-oauth-preview-client
tom-sherman
commented
Jul 29, 2025
| appUrl: string; | ||
| }; | ||
|
|
||
| export const AUTH_SCOPES = "atproto transition:generic"; |
There was a problem hiding this comment.
If everything works correctly in this PR it should just be a matter of deploying the app with new scopes here. This can be done as a followup PR when implementing user email storage.
tom-sherman
commented
Jul 29, 2025
| if (!session) { | ||
| redirect("/login?error=You've been logged out. Please log in again."); | ||
| } | ||
| const result = await signIn({ |
There was a problem hiding this comment.
If this is successful we should probably delete the old session here. Could just leave it orphaned and let it expire naturally tho.
vercel
bot
temporarily deployed
to
Preview – frontpage-oauth-preview-client
vercel
bot
temporarily deployed
to
Preview – frontpage-oauth-preview-client
tom-sherman
force-pushed
the
reauthenticate-flow
branch
from
c0f7df3 to
93770f6
Compare
vercel
bot
temporarily deployed
to
Preview – frontpage-oauth-preview-client
vercel
bot
temporarily deployed
to
Preview – frontpage-oauth-preview-client
tom-sherman
force-pushed
the
reauthenticate-flow
branch
from
d095354 to
5465f67
Compare
vercel
bot
temporarily deployed
to
Preview – frontpage-oauth-preview-client
vercel
bot
temporarily deployed
to
Preview – frontpage-oauth-preview-client
|
Split into stacked PRs #272 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Draft for now because it doesn't work lol. Also will need to split out the database change and merge/migrate that before. Do not be scared by the number of lines changed, this is mostly (+1159 lines) the db migration snapshot 😆
This is the first step in implementing user email storage. Will also lay the groundwork for requesting new scopes when oauth scopes are shipped in atproto.
This involves sending the user back through the Auth flow with the additional scopes attached (including the old ones too)
The way this PR implements this is to store the scopes that the user logs in with in my session database, then when they use the app with different scopes to what we currently require (check in middleware), reauthenticate them as above.
We don't reauthenticate the user without telling them what's happening, they'll be presented with a page (/reauthenticate) beforehand (design still WIP):