Log in

Home » Oreps » Atproto » All Releases » @[email protected] Release

bluesky-social/atproto

Social networking technology created by Bluesky

0

Commit Activity

Directory Browser

Velocity History

Releases@atproto/[email protected]

Basic Details Issues Addressed Top Contributors Directory Browser Release Notes

Atproto @atproto/[email protected]

Atproto: @atproto/[email protected] Release

Release date:

August 27, 2024

Previous version:

@atproto/[email protected] (released August 20, 2024)

Magnitude:

2,997 Diff Delta

Contributors:

6 total committers

Data confidence:

Commits:

14

14 Commits in this Release

Ordered by the degree to which they evolved the repo in this version.

Instantiate XrpcClient from an OAuthAgent (#2714)

Authored August 22, 2024

quote aggs, list quotes (#2658)

Authored August 21, 2024

Compute 3p blocks for `ReplyRef.root` (#2721)

Authored August 20, 2024

Improved control over JWT's typ claim (#2743)

Authored August 27, 2024

Version packages (#2732)

Authored August 21, 2024

Version packages (#2736)

Authored August 22, 2024

filter posts with an embed block (#2740)

Authored August 23, 2024

filter blocks in curate list (#2720)

Authored August 21, 2024

Deprecate Agent.accountDid in favor of Agent.assertDid

Authored August 26, 2024

Return `ThreadgateView` on response from `getPostThread` (#2737)

Authored August 22, 2024

Use corepack to manage the pnpm version (#2680)

Authored August 26, 2024

fix workflow yaml

Authored August 27, 2024

Appview: fix uri used to place threadgate in getPostThread response (#2741)

Authored August 23, 2024

Add `quoteCount` to `embed` view (#2735)

Authored August 22, 2024

Browse Other Releases

Latest Pending Unreleased 😎

@atproto/[email protected] Released October 4, 2024

@atproto/[email protected] Released October 3, 2024

@atproto/[email protected] Released October 1, 2024

@atproto/[email protected] Released September 27, 2024

@atproto/[email protected] Released August 27, 2024

@atproto/[email protected] Released August 27, 2024

@atproto/[email protected] Released August 20, 2024

@atproto/[email protected] Released August 12, 2024

@atproto/[email protected] Released July 12, 2024

@atproto/[email protected] Released June 18, 2024

Top Contributors in @atproto/[email protected]

matthieusieben

haileyok

estrattonbailey

github-actions[bot]

mozzius

devinivy

Directory Browser for @atproto/[email protected]

We haven't yet finished calculating and confirming the files and directories changed in this release. Please check back soon.

Release Notes Published

Minor Changes

#2734 dee817b6e Thanks @matthieusieben! - Remove "nonce" from authorization request
#2734 dee817b6e Thanks @matthieusieben! - Mandate the use of "atproto" scope
#2734 dee817b6e Thanks @matthieusieben! - Remove "openid" compatibility. The reason is that although we were technically "openid" compatible, ATProto identifiers are distributed identifiers. When a client relies on OpenID to authenticate users, it will use the auth provider in combination with the identifier to uniquely identify the user. Since ATProto identifiers are meant to be able to move from one provider to the other, OpenID compatibility could break authentication after a user was migrated to a different provider.

The way OpenID compliant clients would adapt to this particularity would typically be to remove the provider + identifier combination and use the identifier alone. While this is indeed the right way to handle ATProto identifiers, it requires more work to avoid impersonation. In particular, when obtaining a user identifier, the client must verify that the issuer of the identity token is indeed the server responsible for that user. This mechanism being not enforced by the OpenID standard, OpenID compatibility could lead to security issues. For this reason, we decided to remove OpenID compatibility from the OAuth provider.

Note that a trusted central authority could still offer OpenID compatibility by relying on ATProto's regular OAuth flow under the hood. This capability is out of the scope of this library.

Patch Changes

#2734 dee817b6e Thanks @matthieusieben! - Display requested scopes during the auth flow
#2734 dee817b6e Thanks @matthieusieben! - Generate proper invalid_authorization_details
#2734 dee817b6e Thanks @matthieusieben! - Stronger CORS protections
#2734 dee817b6e Thanks @matthieusieben! - Do not require user consent during oauth flow for first party apps.
#2734 dee817b6e Thanks @matthieusieben! - Improve reporting of validation errors
Updated dependencies [dee817b6e, dee817b6e, dee817b6e]:
- @atproto/[email protected]

GitClear uses cookies to ensure you get the best experience on our website. Learn more