atproto/oauth/tokens
Token endpoint calls: exchange an authorization code for DPoP-bound tokens,
refresh them with the rotating refresh token, and best-effort revocation.
Confidential clients pass client-assertion fields via extra_form.
Types
pub type Tokens {
Tokens(
access_token: String,
refresh_token: String,
sub: String,
expires_in: Int,
)
}
Constructors
-
Tokens( access_token: String, refresh_token: String, sub: String, expires_in: Int, )
Values
pub fn exchange_code(
client: xrpc.Client,
flow flow: flow.Flow,
code code: String,
redirect_uri redirect_uri: String,
extra_form extra_form: List(#(String, String)),
) -> Result(Tokens, String)
pub fn refresh(
client: xrpc.Client,
token_endpoint token_endpoint: String,
refresh_token refresh_token: String,
client_id client_id: String,
dpop_key dpop_key: gose.Key(String),
extra_form extra_form: List(#(String, String)),
) -> Result(Tokens, String)
pub fn revoke(
client: xrpc.Client,
issuer issuer: String,
refresh_token refresh_token: String,
client_id client_id: String,
dpop_key dpop_key: gose.Key(String),
extra_form extra_form: List(#(String, String)),
) -> Nil
Best-effort refresh-token revocation at logout: discover the AS revocation endpoint from the issuer and revoke. Failures are ignored (the caller clears its local session regardless).