OAuth Authentication Flow Support

[Dev4rno]

Description

I'm integrating Bluesky authentication via OAuth into a web app with a custom backend built on atproto.blue and FastAPI. I've successfully implemented the frontend OAuth flow using @atproto/oauth-client-browser, but I'm struggling to use the acquired data to authenticate my atproto.blue client instance.

Use Case

I need an authenticated client instance to perform specific queries and calculations via a custom service:

from atproto_client import Client

class BlueskyService:

  def __init__(self, client: Client):
    if not isinstance(client, Client):
      raise ConnectionRefusedError("Invalid atproto client instance")
    self.client = client

  def get_followers(self, handle: str) -> set[str]:
    following = self.client.app.bsky.graph.get_followers(params={"actor": handle}) 
    # ... calculate some cool stuff ...

From what I've gathered, the only authentication options are client.login('handle', 'password') or client.login(session_string="exported_session_string_after_successful_authentication"), and I'm failing to understand how (or if) I can achieve either of these with OAuth on the frontend. I've examined the exported session string format handle:::did:::accessToken:::refreshToken:::serviceEndpoint but can't determine how to properly construct this.

Request

Could you please add support for:

• Authenticating a Client instance using the OAuth session data.
• A clear example of how to integrate with frontend OAuth flows.
• Documentation on the proper way to handle the OAuth flow in a web application context.

Many apps will need to implement Bluesky authentication without handling user passwords directly. A standardised OAuth flow would greatly improve security and user experience across all applications.

Is something like this even possible?

Thanks for your time and hard work! 🙏

[MarshalX]

That's something in TODO that should be implemented to provide more easy way to implement oauth. Of course SDK could help with implementing some basics, but will not provide one line solution. And, to be honest, the priority for it is pretty low. Probably, you are the second at most who wants it in this SDK

[Dev4rno]

Thanks for the update! Totally understandable that it’s a low priority, and I appreciate the insight.

That said, I’d be more than happy with any kind of workaround, hack, or guidance you can offer - just something to help me move forward. I’ve hit a point where I’m burning too many hours trying to piece it together on my own, so I figured I’d reach out before going in circles any longer.

If there’s anything you can share, I’d really appreciate it!

Thanks again for your time. 🙏

[MarshalX]

I highly recommend to start from this: https://github.com/bluesky-social/cookbook/tree/main/python-oauth-web-app

It will be cool if you could provide lists of lacked features in SDK to implement that cookbook more easily. That will help for future development

[ECAllen]

I came here looking for OAuth also. Just dropping a note here to let you know there is some demand. I guess it has to be done using other python packages for now.

[zzstoatzz]

just heads up i have started using an oauth impl in my fork here: https://github.com/zzstoatzz/atproto

so far it serves my needs, and is roughly an extension of #589 but i haven't cleaned it up for upstream contribution yet