
feat(pds): implement JWT session authentication for Bluesky app login#6

Merged: ascorbic merged 1 commit into main from feat/session-auth on Dec 27, 2025

@ascorbic
Owner

Summary

  • Add session endpoints (createSession, refreshSession, getSession, deleteSession) for Bluesky app login
  • Implement HS256 JWT signing with jose library and bcrypt password verification
  • Auth middleware now accepts both static AUTH_TOKEN and JWT access tokens for backwards compatibility
  • Add setup scripts (pnpm setup:password, pnpm setup:jwt-secret) using clack prompts

New Environment Variables

| Variable | Purpose |
| --- | --- |
| JWT_SECRET | HS256 secret for signing session tokens (required) |
| PASSWORD_HASH | Bcrypt hash for app login (optional, for password auth) |

Test Plan

  • 15 new session tests added (73 total tests passing)
  • Login with handle + password
  • Login with DID + password
  • Token refresh with refresh JWT
  • Reject invalid passwords
  • Reject access token for refresh endpoint
  • Accept access token for write operations
  • Static AUTH_TOKEN still works for API access

🤖 Generated with Claude Code

Add session endpoints (createSession, refreshSession, getSession, deleteSession)
with HS256 JWT signing using jose library and bcrypt password verification.
Auth middleware now accepts both static AUTH_TOKEN and JWT access tokens.

- createSession: login with identifier (handle/DID) + password
- refreshSession: token rotation with refresh JWT
- getSession: get current session info
- Setup scripts for PASSWORD_HASH and JWT_SECRET secrets

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

@cloudflare-workers-and-pages

Deploying with Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

| Status | Name | Latest Commit | Updated (UTC) |
| --- | --- | --- | --- |
| ✅ Deployment successful! | atproto-pds | 878b19e | Dec 27 2025, 04:20 PM |

@ascorbic ascorbic merged commit 226f6f3 into main Dec 27, 2025
3 checks passed
@ascorbic ascorbic deleted the feat/session-auth branch December 27, 2025 16:32
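
The token handling this PR describes (static AUTH_TOKEN or HS256 access JWT on ordinary endpoints, refresh JWT accepted only for refresh), sketched as an added example that is not the PR's code. It uses `node:crypto` instead of the jose library to stay dependency-free; the `scope` claim values, the function names and the sample secrets are assumptions.

```javascript
const { createHmac, timingSafeEqual } = require("node:crypto");

const b64u = (v) => Buffer.from(v).toString("base64url");
const unb64 = (s) => Buffer.from(s, "base64url").toString("utf8");
const hmac = (key, data) => createHmac("sha256", key).update(data).digest();
// Constant-time string compare; MACing both sides first equalises lengths.
const safeEqual = (a, b) => timingSafeEqual(hmac("cmp", a), hmac("cmp", b));

// Issue an HS256 JWT. The `scope` claim ("access" | "refresh") is an assumption.
function signJwt(secret, claims) {
  const input = `${b64u(JSON.stringify({ alg: "HS256", typ: "JWT" }))}.${b64u(JSON.stringify(claims))}`;
  return `${input}.${b64u(hmac(secret, input))}`;
}

// Returns the claims only if signature, algorithm, expiry and scope all check out.
function verifyJwt(secret, token, wantScope, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  try {
    // Pin the algorithm: a header saying "none" or anything else is refused.
    if (JSON.parse(unb64(head)).alg !== "HS256") return null;
    if (!safeEqual(sig, b64u(hmac(secret, `${head}.${body}`)))) return null;
    const claims = JSON.parse(unb64(body));
    if (typeof claims.exp !== "number" || claims.exp <= now) return null;
    // Token-type separation: a refresh token must not pass as an access token.
    return claims.scope === wantScope ? claims : null;
  } catch {
    return null; // malformed base64url or JSON, or missing secret
  }
}

// Middleware decision for ordinary endpoints: static AUTH_TOKEN or access JWT.
function authenticate(authHeader, env, now) {
  const m = /^Bearer (.+)$/.exec(authHeader || "");
  if (!m) return null;
  if (env.AUTH_TOKEN && safeEqual(m[1], env.AUTH_TOKEN)) return { via: "static" };
  const claims = verifyJwt(env.JWT_SECRET, m[1], "access", now);
  return claims ? { via: "jwt", sub: claims.sub } : null;
}

// Constructed sample values (not real secrets) so the block runs on its own.
const demoEnv = { AUTH_TOKEN: "constructed-static-token", JWT_SECRET: "constructed-jwt-secret" };
const demoExp = Math.floor(Date.now() / 1000) + 3600;
const demoRefresh = signJwt(demoEnv.JWT_SECRET, { sub: "did:example:alice", scope: "refresh", exp: demoExp });
console.log("refresh token on ordinary endpoint:", authenticate(`Bearer ${demoRefresh}`, demoEnv));
console.log("refresh token on refresh endpoint:", verifyJwt(demoEnv.JWT_SECRET, demoRefresh, "refresh"));
```

A missing `JWT_SECRET` makes `verifyJwt` return null rather than verify against an empty key, so a misconfigured deployment fails closed.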