add more xrpc endpoints#218
Conversation
[Inter-Service Authentication (JWT)](https://atproto.com/specs/xrpc) from the XRPC doc specifies that the user's DID is passed in the `iss` (issuer) field. The JWT from the bearer token that the client receives from the PDS happens to put it in `sub` (subject) but this token is meant to be opaque to clients and confidential to the PDS. I don't think third-party appviews can ever use that token safely, since only the PDS can verify it. This change makes AppViewLite look instead for `Issuer` which should make xrpc-proxied requests _work_, but note that it's still not verifying the JWT, so these tokens can be trivially forged. Assuming this works, the token can be verified with the users's pubkey, and then this will be closer to being safe.
I'm not sure if I'm doing this the right way but it seems to work.
need to fix but hopefully this at least helps social-app render
this might have been more effort than actually implementing the list lookup...
it's going to need collection and rkey isn't it
confidence this stub will help anything: zero.
ksjfdlakjslf
|
I implemented the 3 methods that you needed and many others: 4af131f |
|
wow amazing!! just deployed and i'm getting a few errors
it didn't get far enough to fail at seems a little tricky -- i started hacking on it but it might need more changes around XRPC support to make sense. |
|
getFeedGenerators, getProfiles, and getPosts should now be fixed.
so the path followed by getTimeline is Note that my setup is different: Client -> AppView, so things might behave differently |
trying to follow the errors i'm getting from deer to add enough xrpc to get things somewhat more working.
this builds on #215 since i need that on my prod deploy, but if you're interested in merging it without i can rebase it out!
so far this only adds one missing xrpc endpoint,
app.bsky.actor.getProfiles xrpc endpoint. this is my first c# code so sorry if it's off the style from this repo -- happy to change it however is useful!