Server side OAuth support?

[WamWooWam]

I've been trying to use FishyFlip in a server side OAuth environment and I can't seem to find a way to handle either client_assertion or DPoP on the actual HttpClient used by FishyFlip for requests.

I can't confidently say this is missing functionality because I'm honestly still unsure on the specifics of ATProto OAuth, so if I'm barking up the wrong tree please do let me know

After adding a ClientAssertion handler and using Duende.IdentityModel.OidcClient.DPoP.ProofTokenMessageHandler, I've managed to make server-side authenticated requests. Still not super confident but I can create a pull request with my changes if you'd like

[drasticactions]

I would be interested to see how you handle it in this context. When designing it, I wasn't thinking about it being used in this context. It was always intended for client-based applications or WASM, as they are similar enough to a local app.

As long as there's a way to validate your changes (Tests would be awesome, or an example app) I would be interested in reviewing/pulling it in.

https://github.com/drasticactions/ffexamples/tree/main/samples/BSkyOauth

For an end-user application, I do have examples of OAuth using served client-metadata.json, but there are no built-in functions intended for servers.

[mattgreen]

Hey @WamWooWam, if you have this code lying around somewhere still I'd be happy to poke at it and push it along.

[drasticactions]

@mattgreen Since this post, I do have an experimental Asp.NET Core Library library that should theoretically handle OAuth and Password support.

This library was intended for someone like @WamWooWam for what they're doing. Since I'm not using this to build an ASP.NET site, I don't have a need to invest in it at the moment.

[mattgreen]

Understand. I will play with that. Thank you for a killer library!