resolveFromPds static method

Future<OAuthClient> resolveFromPds(
  1. OAuthClientMetadata metadata,
  2. String pds, {
  3. Client? httpClient,
})

Resolves the OAuth authorization server for a user's PDS and returns a ready-to-use OAuthClient.

Implements the atproto OAuth server-discovery flow: fetches the protected resource metadata (RFC 9728) from https://<pds>/.well-known/oauth-protected-resource, takes the first entry of authorization_servers, and configures the returned client to talk to that authorization server (entryway). The authorization server's own RFC 8414 metadata (PAR/authorize/token endpoints) is then resolved as usual by authorize and refresh.

pds is the personal data server URL or hostname (e.g. https://morel.us-east.host.bsky.network). A bare hostname is treated as https://<host>.

Throws an OAuthException when the protected resource metadata cannot be fetched or parsed, or when it does not declare a valid authorization server.

Implementation

static Future<OAuthClient> resolveFromPds(
  final OAuthClientMetadata metadata,
  final String pds, {
  final http.Client? httpClient,
}) async {
  final pdsOrigin = _normalizeHttpOrigin(pds, what: 'PDS URL');
  final authorizationServer = await _resolveAuthorizationServer(
    pdsOrigin,
    httpClient,
  );

  return OAuthClient(
    metadata,
    service: authorizationServer.authority,
    pds: pdsOrigin,
    httpClient: httpClient,
  );
}