Skip to content
Permalink
main
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

atproto-ecosystem/app-passwords.md

Go to file
@arcalinea
arcalinea Update app-passwords.md
Latest commit 2ce1d7a Apr 22, 2023 History
3 contributors

Users who have contributed to this file

22 lines (17 sloc) 1.07 KB
Raw Blame
Open in GitHub Desktop

App Password

To allow users to start logging in with app passwords, you won't need to change a thing! Users will be able to log into your client with an "app password" in the exact same way that they log in with their account password.

App passwords have most of the same abilities as the user's account password, however they're restricted from destructive actions such as account deletion or account migration. They are also restricted from creating additional app passwords.

No client changes are required to adopt app passwords. However, we strongly encourage you to prompt users to use an app password on login and avoid ever entering their password. For account creation, we encourage redirecting a user to the bluesky client (https://staging.bsky.app)

We also strong encourage you to delete all existing refresh tokens and re-fetch access/refresh tokens using an app password.

App passwords are of the form xxxx-xxxx-xxxx-xxxx. For your users' safety, you could run a quick check to ensure that they are logging in with an app password and not their account password.