feat: OAuth session (#243)

* Move AtpAgent

* Add Agent and SessionManager

* Temporary fix for bsky-sdk

* Add OAuthSession

* Update

* Update oauth_client::atproto

* Add refresh token request

* Update stores

* Add SessionStore and SessionGetter

* Use common for api

* Fix bsky-sdk

* Fix oauth-client

* Extract WrapperClient and InnerStore to agent.rs

* Add Configure and CloneWithProxy trait for agent

* Update AtpAgent

* Update

* Add tests for oauth_session, implement oauth_session::store

* WIP: Add tests for OAuthSession, update ServerAgent

* Implement refresh token

* Update atrium-api/agent

* Fix error

* Fix bsky_sdk

* Fix oauth-client

* Implement SessionGetter and SessionHandle

* Remove unused code

* Fix workflows

* Use is_some_and/is_ok_and

* Add tests for OAuthSession

* Implement OAuthClient::restore

* Implement OAuthClient::revoke()

* Rename session_getter to session_registry

* Fix for edition 2024

* WIP: Update SessionRegistry

* Update SessionRegistry

* WIP

* Add session_registry::tests

* Fix tests

* Remove DidResolver

* Remove HandleResolver

Author: sugyan

.github/workflows/wasm.yml

@@ -20,6 +20,10 @@ jobs:
       - uses: actions/checkout@v4
         with:
           path: crates
+      - name: Install Rust 1.75.0
+        uses: actions-rust-lang/setup-rust-toolchain@v1
+        with:
+          toolchain: 1.75.0
       # We use a synthetic crate to ensure no dev-dependencies are enabled, which can
       # be incompatible with some of these targets.
       - name: Create synthetic crate for testing

Cargo.lock

@@ -324,6 +324,7 @@ mod tests {
             &self,
             request: Request<Vec<u8>>,
         ) -> Result<Response<Vec<u8>>, Box<dyn std::error::Error + Send + Sync + 'static>> {
+            // tick tokio time
             #[cfg(not(target_arch = "wasm32"))]
             tokio::time::sleep(std::time::Duration::from_micros(10)).await;
 

atrium-api/src/agent/atp_agent.rs

@@ -2,14 +2,14 @@ use super::Store;
 use std::collections::HashMap;
 use std::fmt::Debug;
 use std::hash::Hash;
-use std::sync::{Arc, Mutex};
+use std::sync::Arc;
 use thiserror::Error;
+use tokio::sync::Mutex;
 
 #[derive(Error, Debug)]
 #[error("memory store error")]
 pub struct Error;
 
-// TODO: LRU cache?
 #[derive(Clone)]
 pub struct MemoryStore<K, V> {
     store: Arc<Mutex<HashMap<K, V>>>,
@@ -29,18 +29,18 @@ where
     type Error = Error;
 
     async fn get(&self, key: &K) -> Result<Option<V>, Self::Error> {
-        Ok(self.store.lock().unwrap().get(key).cloned())
+        Ok(self.store.lock().await.get(key).cloned())
     }
     async fn set(&self, key: K, value: V) -> Result<(), Self::Error> {
-        self.store.lock().unwrap().insert(key, value);
+        self.store.lock().await.insert(key, value);
         Ok(())
     }
     async fn del(&self, key: &K) -> Result<(), Self::Error> {
-        self.store.lock().unwrap().remove(key);
+        self.store.lock().await.remove(key);
         Ok(())
     }
     async fn clear(&self) -> Result<(), Self::Error> {
-        self.store.lock().unwrap().clear();
+        self.store.lock().await.clear();
         Ok(())
     }
 }

atrium-api/src/agent/store.rs

@@ -2,10 +2,9 @@ mod common_resolver;
 mod plc_resolver;
 mod web_resolver;
 
-use crate::Error;
-
 pub use self::common_resolver::{CommonDidResolver, CommonDidResolverConfig};
 pub use self::plc_resolver::DEFAULT_PLC_DIRECTORY_URL;
+use crate::Error;
 use atrium_api::did_doc::DidDocument;
 use atrium_api::types::string::Did;
 use atrium_common::resolver::Resolver;

atrium-api/src/agent/store/memory.rs

@@ -1,6 +1,8 @@
 use crate::error::{Error, Result};
-use crate::{did::DidResolver, handle::HandleResolver};
-use atrium_api::types::string::AtIdentifier;
+use atrium_api::{
+    did_doc::DidDocument,
+    types::string::{AtIdentifier, Did, Handle},
+};
 use atrium_common::resolver::Resolver;
 use serde::{Deserialize, Serialize};
 
@@ -29,8 +31,8 @@ impl<D, H> IdentityResolver<D, H> {
 
 impl<D, H> Resolver for IdentityResolver<D, H>
 where
-    D: DidResolver + Send + Sync + 'static,
-    H: HandleResolver + Send + Sync + 'static,
+    D: Resolver<Input = Did, Output = DidDocument, Error = Error> + Send + Sync,
+    H: Resolver<Input = Handle, Output = Did, Error = Error> + Send + Sync,
 {
     type Input = str;
     type Output = ResolvedIdentity;

atrium-common/src/store/memory.rs

@@ -14,12 +14,13 @@ keywords = ["atproto", "bluesky", "oauth"]
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 
 [dependencies]
-atrium-api = { workspace = true, default-features = false }
+atrium-api = { workspace = true, features = ["agent"] }
 atrium-common.workspace = true
 atrium-identity.workspace = true
 atrium-xrpc.workspace = true
 base64.workspace = true
 chrono.workspace = true
+dashmap.workspace = true
 ecdsa = { workspace = true, features = ["signing"] }
 elliptic-curve.workspace = true
 jose-jwa.workspace = true
@@ -32,11 +33,14 @@ serde_html_form.workspace = true
 serde_json.workspace = true
 sha2.workspace = true
 thiserror.workspace = true
+tokio = { workspace = true, features = ["sync"] }
 trait-variant.workspace = true
 
 [dev-dependencies]
+atrium-api = { workspace = true, features = ["bluesky"] }
+futures.workspace = true
 hickory-resolver.workspace = true
-p256 = { workspace = true, features = ["pem"] }
+p256 = { workspace = true, features = ["pem", "std"] }
 tokio = { workspace = true, features = ["macros", "rt-multi-thread"] }
 
 [features]

atrium-identity/src/did.rs

@@ -0,0 +1,28 @@
+use elliptic_curve::pkcs8::EncodePrivateKey;
+use elliptic_curve::SecretKey;
+use jose_jwa::{Algorithm, Signing};
+use jose_jwk::{Class, Jwk, JwkSet, Key, Parameters};
+use p256::NistP256;
+use rand::rngs::ThreadRng;
+
+fn main() -> Result<(), Box<dyn std::error::Error>> {
+    let secret_key = SecretKey::<NistP256>::random(&mut ThreadRng::default());
+    let key = Key::from(&secret_key.public_key().into());
+    let jwks = JwkSet {
+        keys: vec![Jwk {
+            key,
+            prm: Parameters {
+                alg: Some(Algorithm::Signing(Signing::Es256)),
+                kid: Some(String::from("kid01")),
+                cls: Some(Class::Signing),
+                ..Default::default()
+            },
+        }],
+    };
+    println!("SECRET KEY:");
+    println!("{}", secret_key.to_pkcs8_pem(Default::default())?.as_str());
+
+    println!("JWKS:");
+    println!("{}", serde_json::to_string_pretty(&jwks)?);
+    Ok(())
+}