com.atproto.identity.getRecommendedDidCredentials doesn't include all PDS-owned keys
#2665
Labels
bug
Something isn't working
Comments
|
We do have code which should be inserting both an online key and offline key: Not sure what is going on here, but probably a bug. |
|
Hey thanks for the report on this! It was a configuration issue in our PDSes. Just updated the env & rolled them so should be returning the correct recommended credentials now 👍 Closing the issue for now, but let me know if you run into any issues around it |
|
Confirming I see this fixed. Thanks! |
|
The issue appears to have resumed, at least for my PDS (oyster). Has a subsequent configuration update reverted the change @dholms made? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
The repositories on one of the Bluesky-operated PDSs have two rotation keys, which per @bnewbold I now know to be an online key and an offline backup. However,
com.atproto.identity.getRecommendedDidCredentialsonly returns one of these keys (along with the signing key).Not including both keys makes it harder to determine which keys currently present in a DID Document are expected to be there, and more likely that third party software (that is adding its own rotation keys) might strip out the PDS's offline backup key as "unknown and therefore untrusted".
Opened per the discussion here: https://bsky.app/profile/str4d.xyz/post/3ky445z2yq72m
The text was updated successfully, but these errors were encountered: