A fork of the Cocoon PDS but being made more distributed.
11

Configure Feed

Select the types of activity you want to include in your feed.

trying some things out trying to get local apps hitting oauth

Signed-off-by: Will Andrews <will7989@hotmail.com>

Will Andrews (Jan 23, 2026, 4:17 PM UTC) e866917e 43b90560

+26 -8
+2 -1
cmd/cocoon/main.go
··· 6 6 "crypto/rand" 7 7 "encoding/json" 8 8 "fmt" 9 + "log/slog" 9 10 "os" 10 11 "time" 11 12 ··· 180 181 Flags: []cli.Flag{}, 181 182 Action: func(cmd *cli.Context) error { 182 183 183 - logger := telemetry.StartLogger(cmd) 184 + logger := telemetry.StartLogger(cmd, telemetry.WithLevel(slog.LevelWarn)) 184 185 telemetry.StartMetrics(cmd) 185 186 186 187 s, err := server.New(&server.Args{
+24 -7
oauth/provider/client_auth.go
··· 6 6 "encoding/base64" 7 7 "errors" 8 8 "fmt" 9 + "log/slog" 10 + "strings" 9 11 "time" 10 12 11 13 "github.com/golang-jwt/jwt/v4" ··· 25 27 } 26 28 27 29 func (p *Provider) AuthenticateClient(ctx context.Context, req AuthenticateClientRequestBase, proof *dpop.Proof, opts *AuthenticateClientOptions) (*client.Client, *ClientAuth, error) { 28 - client, err := p.ClientManager.GetClient(ctx, req.ClientID) 29 - if err != nil { 30 - return nil, nil, fmt.Errorf("failed to get client: %w", err) 30 + var c *client.Client 31 + var err error 32 + 33 + slog.Warn("client ID", "is", req.ClientID) 34 + 35 + if !strings.Contains(req.ClientID, "localhost") { 36 + c, err = p.ClientManager.GetClient(ctx, req.ClientID) 37 + if err != nil { 38 + return nil, nil, fmt.Errorf("failed to get client: %w", err) 39 + } 40 + } else { 41 + c = &client.Client{ 42 + Metadata: &client.Metadata{ 43 + ClientID: req.ClientID, 44 + TokenEndpointAuthMethod: "none", 45 + DpopBoundAccessTokens: true, 46 + }, 47 + } 31 48 } 32 49 33 - if client.Metadata.DpopBoundAccessTokens && proof == nil && (opts == nil || !opts.AllowMissingDpopProof) { 50 + if c.Metadata.DpopBoundAccessTokens && proof == nil && (opts == nil || !opts.AllowMissingDpopProof) { 34 51 return nil, nil, errors.New("dpop proof required") 35 52 } 36 53 37 - if proof != nil && !client.Metadata.DpopBoundAccessTokens { 54 + if proof != nil && !c.Metadata.DpopBoundAccessTokens { 38 55 return nil, nil, errors.New("dpop proof not allowed for this client") 39 56 } 40 57 41 - clientAuth, err := p.Authenticate(ctx, req, client) 58 + clientAuth, err := p.Authenticate(ctx, req, c) 42 59 if err != nil { 43 60 return nil, nil, err 44 61 } 45 62 46 - return client, clientAuth, nil 63 + return c, clientAuth, nil 47 64 } 48 65 49 66 func (p *Provider) Authenticate(_ context.Context, req AuthenticateClientRequestBase, client *client.Client) (*ClientAuth, error) {